OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Japanese "IPv6" group allocating for IPv4 spamming?

From: Dale Fay (dalefmerit.edu)
Date: Fri Jun 06 2003 - 11:18:46 CDT


  The ARIN record does show that it belongs to IPv6 Promotion Council of Japan.
There was mention at last week's NANOG of spammers stealing unused netblocks
for their use. My guess is that is what is happening.

On Thu, Jun 05, 2003 at 02:45:02PM -0700, Jay D. Dyson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi folks,
>
> I've long since blackholed most of Asia due to their rampant
> spamming and incompetent (or worse, indifferent) admins. This latest
> incident only cements my stance.
>
> I received the following spam just a few minutes ago. Mind you,
> I've seen countless spam messages in my day, but the originating IP is
> what caught my eye:
>
>
> - -----BEGIN FORWARDED MESSAGE-----
>
> Return-Path: <info_masteryume.otegami.com>
> Received: (qmail 2233 invoked from network); 5 Jun 2003 21:13:01 -0000
> Received: from f136.ac130.freebit.ne.jp (HELO yume234.com) (43.244.130.136)
> by h-66-134-87-75.lsanca54.covad.net with SMTP; 5 Jun 2003 21:13:01 -0000
> From: ug0605 <info_masteryume.otegami.com>
> To: [redacted]
> Reply-To: info_masteryume.otegami.com
> Subject: [gibberish deleted]
> Date: Fri, 06 Jun 2003 06:11:24 +0900
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="de9908d2-2375-4e23-87c8-09a261c806b2"
>
> [body of spam deleted]
>
> - -----END FORWARDED MESSAGE-----
>
>
> When I saw the first Received line, I polled APNIC's databases for
> the cognizant party. The system responded that this Japanese netblock is
> not allocated to APNIC. So then I tried ARIN. And that's when things got
> interesting.
>
> ARIN stated that it too did not have that IP block allocated, but
> it did confirm that it belonged to "Japan Inet" and referred me to the
> "IPv6PC Whois Database" (whois.v6nic.net). Okay, fine...but why is a
> group that apparently touts itself as working exclusively with IPv6 doling
> out IPv4 address space for spammers?
>
> Maybe I'm way off base here (wouldn't be the first time), but
> something really stinks in Tokyo. Until such time that I can get an
> answer on this, 43.0.0.0/8 is in the blackhole.
>
> - -Jay
>
> ( ( _______
> )) )) .-"There's always time for a good cup of coffee."-. >====<--.
> C|~~|C|~~| (>------ Jay D. Dyson - jdysontreachery.net ------<) | = |-'
> `--' `--' `-If guns cause crime, then spoons cause obesity.-' `------'
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (TreacherOS)
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
>
> iD8DBQE+37njNlg1oZSC9mkRAi6QAJ0cPERAww8lvVFtm6NUyRwc97CQhwCfbfx+
> b/pwVrvzllBRYe/DH6WRS0I=
> =XPg3
> -----END PGP SIGNATURE-----
>
> ----------------------------------------------------------------------------
> ----------------------------------------------------------------------------

--

Dale Fay
Merit RSng/RADB
www.rsng.net
www.radb.net

----------------------------------------------------------------------------
----------------------------------------------------------------------------