netcurmudgeon (netcurmudgeon) wrote,

Some parts of the 'net need chlorine

I get a lot of Spam. I get some really obnoxious Spam. This gem was in my in-box this morning.

###

Date: Wed, 14 Sep 2005 16:51:42 GMT
From: vivienraymer@ad.funnel.revenuedirect.com.akadns.net
To: xxxxxxxx@xxxxx.xxxxxx.xxx
Subject: Lolitas hardcore

Taboo club open. Child Porn exclusive archive.

Softcore and hardcore.
Forbidden pics.
Very Little Children.

Take a free tour at http://seadvdcompany.com

No joke. Child Porn exists.
###

I do something about Spam like this. I took a peek at the site to see if it was what it claimed to be. It was. In spades. After washing my eyes and my laptop with Lavoris I did a traceroute to the server to see who owned it.

###

C:\users\seshipma>tracert seadvdcompany.com

Tracing route to seadvdcompany.com [68.142.234.55]
over a maximum of 30 hops:

1 2 ms 2 ms 1 ms sh_arn_eth0 [10.144.241.1]
2 10 ms 9 ms 9 ms co_bln01_fr0 [10.144.240.1]
3 11 ms 11 ms 10 ms co_bln03 [10.224.4.6]
4 12 ms 17 ms 11 ms co_att-cisco_eth0 [199.105.240.1]
5 21 ms 20 ms 19 ms att-next-hop [12.125.51.229]
6 29 ms 29 ms 29 ms gbr1-p20.n54ny.ip.att.net [12.123.1.130]
7 31 ms 33 ms 31 ms tbr2-p013801.n54ny.ip.att.net [12.122.11.17]
8 31 ms 30 ms 36 ms tbr2-cl1.wswdc.ip.att.net [12.122.10.54]
9 73 ms 70 ms 119 ms gar1-p390.ascva.ip.att.net [12.123.8.53]
10 175 ms 200 ms 284 ms 12.118.44.10
11 51 ms 39 ms 34 ms ge-3-1-0.p440-msr1.re1.yahoo.com [216.115.96.189]
12 29 ms 28 ms 30 ms unknown-206-190-41-73.yahoo.com [206.190.41.73]
13 37 ms 38 ms 37 ms p6w6.geo.re2.yahoo.com [68.142.234.55]

Trace complete.
###

...And found that the site was hosted on a server owned by none other than Yahoo!

I went to www.arin.net (the American Registry for Internet Numbers) and used their whois tool to look up ownership information for the server's IP address.

ARIN's records list full information for the organization that has been issued the block of IP addresses that the server's address is part of. Included in there are abuse email addresses. And ones that work; they're the abuse email addresses ISPs use to tell each other when someone is screwing up on the net.

I forwarded the spam (with full headers) and the results of the traceroute to all of Yahoo's listed abuse addresses.

This afternoon I checked the site again, and was very pleased to see that it was down, hard. Now, any number of other people could have alerted Yahoo to this kiddie-porn emporium, but I'd like to think that I had a hand in helping get rid of this one. I can only hope that the Yahoo staff called the Feds instead of merely pulling the plug on these perverts.
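
The reporting steps described above (pull the abuse addresses out of the whois reply, then send the spam with its full headers plus the traceroute) as an added example, not something from the original post. The whois text, the spam message, the addresses and the function names are all constructed for illustration; attaching the original as `message/rfc822` is one way to keep every header intact.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample laid out like an ARIN whois reply (documentation address range).
SAMPLE_WHOIS = """\
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Hosting, Inc.
OrgAbuseHandle: ABUSE0-ARIN
OrgAbuseEmail:  abuse@example.net
OrgTechEmail:   noc@example.net
OrgAbuseEmail:  Abuse@Example.net
"""

# Constructed sample message; the Received line is what a plain inline forward loses.
SAMPLE_SPAM = """\
Received: from mail.example.org ([198.51.100.7]) by mx.example.com; Wed, 14 Sep 2005 16:51:40 GMT
From: sender@example.org
To: me@example.com
Subject: constructed sample

body text
"""

def abuse_contacts(whois_text):
    """Return addresses from '...AbuseEmail:' fields, lower-cased, de-duplicated, in order."""
    found = []
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        addr = value.strip().lower()
        if sep and key.strip().lower().endswith("abuseemail"):
            if "@" in addr and addr not in found:
                found.append(addr)
    return found

def build_report(raw_spam, trace_text, whois_text, reporter):
    """Build an abuse report with the original message attached whole (message/rfc822)."""
    original = email.message_from_string(raw_spam, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = ", ".join(abuse_contacts(whois_text))
    report["Subject"] = "Abuse report: content hosted in your address space"
    report.set_content("Advertised in the attached message. Route to the host:\n\n" + trace_text)
    report.add_attachment(original)  # original headers travel with it, Received lines included
    return report

if __name__ == "__main__":
    report = build_report(SAMPLE_SPAM, "(traceroute output)", SAMPLE_WHOIS, "me@example.com")
    print(report["To"], [part.get_content_type() for part in report.iter_attachments()])
```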