[lug] OT: Is this credible? FW: Notice of impending black ho le listingof 134.6.76.0/27

Alex Young Alex.Young at Dynegy.com
Wed May 22 12:55:14 MDT 2002 

Verisign (http://www.netsol.com/cgi-bin/whois/whois) shows the following.
It's interesting to note that the record was updated just 3 days ago:

Registrant:
 Georgia Cracker's Remailer
 145 McAlpin Dr
 Winterville, GA 30683
 US

 Domain Name: GACRACKER.ORG
 
 Administrative Contact:
    Cracker, Georgia  hostmaster at gacracker.org
    145 McAlpin Dr
    Winterville, GA 30683
    US
    706-254-2257

 Technical Contact:
    Technician, Groover Maintenance  postmaster at river.com
    Box 21312
    Boulder, CO 80308
    US
    303-265-9283

 Billing Contact:
    Cracker, Georgia  hostmaster at gacracker.org
    145 McAlpin Dr
    Winterville, GA 30683
    US
    706-254-2257


 Registration Service Provider:
    River of Stars, LLC, postmaster at river.com
    303-265-9283


 Record last updated on 19-Mar-2002.
 Record expires on 08-Mar-2003.
 Record Created on 08-Mar-1999.

 Domain servers in listed order:
    A.NS.NEOSOUTH.NET   216.162.42.102
    B.NS.NEOSOUTH.NET   207.15.209.4
    NS1.SERVERSYSTEMS.NET   207.15.209.252
    NS1.RIVER.COM   206.168.112.68

> >
> > Has anyone seen this before?  We regularly monitor our systems and have
put
> > an incredible effort into ensuring that they are secure and un-abused.
> > Additionally, Maxtor utilizes other servers to do their spamming through
> > (I'm not happy about the fact that they spam, but what can you do?)  The
> > below message sounds technically credible, but I have trouble believing
that
> > any credible blacklist service would require us to send an email back to
> > them just to get more information.  That seems awfully fishy and smells
like
> > their searching for addresses.  Has anyone seen this before?  I've
thrown
> > some searches at Google and don't turn any direct hits up for this.  The
> > message appears to have come from the gacracker.org domain legitimately
and
> > I can't find any signs of spoofing.
> 
> A number of people have stated that auto-responders to email lists, if
> checked by a blackhole service, can trigger this, along with unsolicited
> offers to join lists (which spoofing ends up triggering). Does your
> domain have auto-responders? Then there is the possibility that someone
> spoofed your IP.
> 
> Unfortunately, I can resolve redneck.gacracker.org, but the USA whois
> database does not list them (perhaps they are registered somewhere else
> in the world). Checking for web services under that domain (or
> variations) does not show any web sites. Via a google search, you might
> find this interesting:
> 
> http://www.greatcircle.com/lists/list-managers/digest/list-managers.200107
>  http://webdragon.dotorg.org/~mec/openlist/ol03.txt
> 
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 3777 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20020522/effe4c67/attachment.bin>

More information about the LUG mailing list