[dba-Tech] Viruses coming for several days from 195.167.69.130....

MartyConnelly martyconnelly at shaw.ca
Tue May 31 09:20:37 CDT 2005


Well, if you track down that IP address

195.167.69.130

through whois http://www.eventid.net/whois.asp
and then the ripe.net whois,
you get to this ISP site in Athens:
http://www.otenet.gr/english/index.htm

Abuse & Spam:   abuse at otenet.gr 



% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag
% Information related to '195.167.69.0 - 195.167.69.255'
inetnum:      195.167.69.0 - 195.167.69.255
netname:      PROFILE-O
descr:        23 Praxitelous str
descr:        10562 ATHENS
country:      GR
admin-c:      CS1409-RIPE
tech-c:       GS1522-RIPE
status:       ASSIGNED PA
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered
person:       Ch Stasinopoulos
address:      23 Praxitelous str
address:      10562 ATHENS
address:      GR
phone:        +30-1-3315060
fax-no:       +30-1-3221268
nic-hdl:      CS1409-RIPE
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered
person:       G Stamatopoulos
address:      23 Praxitelous str
address:      10562 ATHENS
address:      GR
phone:        +30-1-3315060
fax-no:       +30-1-3221268
nic-hdl:      GS1522-RIPE
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered
% Information related to '195.167.0.0/17AS6799'
route:        195.167.0.0/17
descr:        OTEnet
origin:       AS6799
remarks:      OTEnet S.A. Multiprotocol Backbone & ISP
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered
 % Information related to 'OTENET-GR-MNT'
mntner:       OTENET-GR-MNT
descr:        OTEnet S.A.
descr:        Provider Local Registry
descr:        GR
admin-c:      CZ586-RIPE
tech-c:       AV323-RIPE
tech-c:       KK656-RIPE
upd-to:       koskar at otenet.gr
mnt-nfy:      hostmaster at otenet.gr
auth:         MD5-PW $1$WGf12NLy$S/5FNuPeVTs14UUxoM3i61
auth:         MD5-PW $1$wWvJCcm7$7WN21dLp1BfV9yrCVzcKI/
remarks:      +---------------------------------+
remarks:      |General enquiries: noc at otenet.gr |
remarks:      |Abuse & Spam:   abuse at otenet.gr  |
remarks:      |DNS & RIPE: hostmaster at otenet.gr |
remarks:      +---------------------------------+
mnt-by:       OTENET-GR-MNT
referral-by:  RIPE-DBM-MNT
source:       RIPE # Filtered
person:       Christos Zampiras
address:      OTEnet S.A.
address:      109 Kifissias Ave. & Sina Str.
address:      Maroussi 15124
address:      GR
phone:        +302106151961
fax-no:       +302106151900
e-mail:       xrizamp at otenet.gr
nic-hdl:      CZ586-RIPE
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered
person:       Achilles Voliotis
address:      OTEnet S.A.
address:      109 Kifissias Ave. & Sina Str.
address:      Maroussi 15124
address:      GR
phone:        +30-210-6151900
fax-no:       +30-210-6151900
e-mail:       achilles at otenet.gr
nic-hdl:      AV323-RIPE
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered
person:       Karatheodorou Kostas
address:      Network Operation and Management Center - NOMC
address:      OTEnet SA
address:      OTE Building, 3rd floor
address:      47 Mpenaki Str. & Koletti Str.
address:      GR 10681, Athens GREECE
phone:        +30-210-6151600
fax-no:       +30-210-6151900
e-mail:       koskar at otenet.gr
nic-hdl:      KK656-RIPE
mnt-by:       OTENET-GR-MNT
source:       RIPE # Filtered

Bryan Carbonnell wrote:

>On 5/30/05, MartyConnelly <martyconnelly at shaw.ca> wrote:
>  
>
>>Sounds like someone has borrowed your email address, if you are getting
>>bounced viruses or spam reports.
>>I had this happen about 6 months ago and got 300 or so pieces of mail a day.
>>Since my address was a large cross Canada ISP with a million users,
>>nobody was going to blacklist it.
>>The blitz lasted about 2 1/2 weeks. I just ignored it.
>>    
>>
>
>True, very few people are going to blacklist an entire ISP, but Shamil
>is/was receiving viruses from a specific IP address.
>
>I have had this happen before. With the received headers, I could
>trace it back to a specific IP (and e-mail address) and armed with
>that info, I contacted the offender and when that fell on deaf ears, I
>contacted the offender's ISP.
>
>They, the offender's ISP, blocked them for a while (it appeared that it
>was in the order of several weeks) until the offender got their PC
>cleaned up.
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada
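
Added example (not part of the original message): a Python sketch of the lookup described above, which parses RIPE whois text as pasted here, confirms which inetnum range covers the reported address, and pulls the abuse contact out of the remarks lines. The function names and the list of object classes are assumptions for illustration; the sample is abridged from the output quoted in the message.

```python
import ipaddress
import re

# Abridged from the RIPE output quoted above ("user at domain" as archived).
SAMPLE = """\
% Information related to '195.167.69.0 - 195.167.69.255'
inetnum:      195.167.69.0 - 195.167.69.255
netname:      PROFILE-O
mnt-by:       OTENET-GR-MNT
route:        195.167.0.0/17
origin:       AS6799
mntner:       OTENET-GR-MNT
remarks:      |General enquiries: noc at otenet.gr |
remarks:      |Abuse & Spam:   abuse at otenet.gr  |
"""

# Attributes that open a new object; the paste lost the blank-line separators.
CLASSES = {"inetnum", "route", "mntner", "person", "role"}
ATTR = re.compile(r"^([a-z0-9-]+):\s*(.*)$")
ABUSE = re.compile(r"abuse[^:]*:\s*(\S+)\s+at\s+([\w.-]+)", re.I)

def parse_objects(text):
    """Split whois text into objects, each a list of (attribute, value) pairs."""
    objects = []
    for line in text.splitlines():
        m = ATTR.match(line)
        if not m:  # skips '%' comments, blank lines and web-page residue
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in CLASSES or not objects:
            objects.append([])
        objects[-1].append((key, value))
    return objects

def covering_range(objects, ip):
    """Return (first, last) of the inetnum object containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        if obj[0][0] == "inetnum":
            first, last = (ipaddress.ip_address(p.strip())
                           for p in obj[0][1].split("-"))
            if first <= addr <= last:
                return str(first), str(last)
    return None

def abuse_contacts(objects):
    """Collect abuse addresses from remarks: lines, undoing the ' at ' obfuscation."""
    hits = (ABUSE.search(v) for obj in objects for k, v in obj if k == "remarks")
    return [f"{m.group(1)}@{m.group(2)}" for m in hits if m]
```
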





