- NZNOG - lists.nznog.org

RE: [nznog] stream of Orcon spam
by Seeby Woodhouse 18 Sep '03

18 Sep '03

I wasn't aware that there was any 'constant stream of spam' coming from us. However - I've been following up since seeing your email the other day. My understanding from the tech team is that we are on top of this and do respond to such things - if you have previously tried to get us to take action and nothing has happened, then I'd be keen to know about it. Cheers Seeby Woodhouse Managing Director Orcon Internet Limited - www.orcon.net.nz Mob +64 (0) 21 366 666 / Wk +64 (9) 444 4414 ext 700 -----Original Message----- From: Tony Wicks [mailto:nzog(a)road.gen.nz] Sent: Friday, September 19, 2003 6:25 AM To: Liz Q Cc: nznog(a)list.waikato.ac.nz Subject: RE: [nznog] stream of Orcon spam They don't respond. -----Original Message----- From: Liz Q [mailto:liz(a)debian.co.nz] Sent: Friday, 19 September 2003 12:20 a.m. To: nzog(a)road.gen.nz Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] stream of Orcon spam Perhaps you should take it up with them, I'm fairly sure they will be happy to find whos account it is and remove it. Liz Q On Wed, 2003-09-17 at 21:36, Tony Wicks wrote: > Hi all, is anyone else seeing a constant stream of spam **again** emanating > from Orcon ? > > > ( now added to "hosts.deny" ) > > > > Received: from dbmail-mx1.orcon.co.nz (loadbalancer-VIP.orcon.net.nz > [219.88.242.2]) > by *removed* (8.12.8/8.12.8) with ESMTP id h8H63EcG011226 > for <*removed*>; Wed, 17 Sep 2003 18:03:34 +1200 > Received: from 219.88.242.10 ([218.63.107.253]) > by dbmail-mx1.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id > h8H61d2d006264 > for <*removed*>; Wed, 17 Sep 2003 18:02:25 +1200 > Received: from uvd.cixzx.net (HELO jk0) ([103.212.63.23]) by 219.88.242.10 > id <2581790-60199> for <*removed*>; Wed, 17 Se > p 2003 14:54:17 +0600 > Message-ID: <b-1$-f$oj422x(a)c9n.dl4l.2h3y> > From: "Iris Oliver" <q2djix5co3u(a)eguo.com> > Reply-To: "Iris Oliver" <q2djix5co3u(a)eguo.com> > To: <*removed*> > Subject: Develop a Larger Penis in Weeks > > > Received: from dbmail-mx3.orcon.co.nz (loadbalancer-VIP.orcon.net.nz > [219.88.242.2]) > by *removed* (8.12.8/8.12.8) with ESMTP id h8H5UvcG011061 > for <*removed*>; Wed, 17 Sep 2003 17:30:58 +1200 > Received: from modemcable084.162-202-24.hull.mc.videotron.ca > (modemcable084.162-202-24.hull.mc.videotron.ca [24.202.162.84]) > by dbmail-mx3.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id > h8H5Tho7008819 > for <*removed*>; Wed, 17 Sep 2003 17:29:45 +1200 > Received: from [150.94.211.109] > by modemcable084.162-202-24.hull.mc.videotron.ca; > Wed, 17 Sep 2003 00:27:00 -0600 > Message-ID: <u$1eo2yj-u36$gq(a)1sbkl8.s.c6l2y> > From: "Brianna Avery" <25mypdms(a)gateway.com> > Reply-To: "Brianna Avery" <25mypdms(a)gateway.com> > To: *removed* > Subject: *removed* male enhancement patch 3 qchywrehm > > > > _______________________________________________ > NZNOG mailing list > NZNOG(a)list.waikato.ac.nz > http://list.waikato.ac.nz/mailman/listinfo/nznog -- This PC runs Linux. If you find a virus apparently from me, it has forged the e-mail headers on someone else's machine. Please do not notify me when this occurs. Thanks. _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

Re: [nznog] Email for domains hosted by 2day.com
by Ewen McNeill 18 Sep '03

18 Sep '03

In message <Pine.WNT.4.55.0309172108560.696(a)den3>, Juha Saarinen writes: >On Wed, 17 Sep 2003, Ewen McNeill wrote: >> And if nothing else it's probably useful to have a single document to >> wave at people saying "these are all the bad things you've caused by >> doing this". > >That's been documented already, as in the 2day.com case. To reinforce the "one list with which to beat people up", this post on NANOG: http://www.merit.edu/mail.archives/nanog/msg13728.html points out that Verisign are in an interesting position with HTTPS access: not only do they have the wildcard DNS entry to draw traffic their way (apparently consuming one AS and two /24s on the way past), they've also got the trusted CA certificates to sign any SSL certificates needed (on the fly if they wish). The little "trusted site" closed lock on, eg: https://www.placetobuystuff.com/ is (amazinginly) a little less meaningful than it was before. (I'm also amazed that, apparently, no one has registered that domain name. It seems such an obvious one for the type-stuff-in-and-see-what-happens crowd.) FWIW, these: http://www.haque.net/verisign_dns_rant.php http://www.merit.edu/mail.archives/nanog/msg13682.html aren't a bad (early) start at a summary of problems (from Tuesday). Ewen

5 5

Re: [nznog] Email for domains hosted by 2day.com
by david＠farrar.com 18 Sep '03

18 Sep '03

Bob Gray wrote: > On 19 Sep 2003 at 9:17, Antonio Broughton wrote: > > > So if i was to say "ihug.net" has bad data.... that will > > mean ihug.net will get deleted also? :) > > More to the point if someone said that the nz record is > bad: > > [snip] > Technical Contact: > Name: ITS Operators > Organization: The University of Waikato > Address1: Private Bag 3105 > [snip] > > would that get deleted too? InternetNZ has been trying to get that changed for, well around four years now. There has been many a fight with ICANN about them refusing to update details for .nz zone despite it being inaccurate. What was ironic was that one year their request for a fee/donation didn't get through because they sent it to the old mailing address which they had refused to change. They have got more responsive of late and as I understand it there is an attempt underway to get this final piece of incorrect information fixed. DPF

1 0

Re: [nznog] Email for domains hosted by 2day.com
by Peter Mott 18 Sep '03

18 Sep '03

Antonio Broughton wrote: > So if i was to say "ihug.net" has bad data.... that will mean ihug.net > will get deleted also? :) Who knows :-( Looks like our record in the DomainDiscover database got screwed at some time after we transferred 2day.com to them from Verisign. In case anybody is wondering, Dan Halloran <halloran(a)icann.org> knows who I am. As do most ICANN folk. So the NZ person who complained did not tell us, nor did ICANN. That sucks. ... Dear Registrar, Please find below here a report concerning inaccurate Whois data for 2day.com. As you are aware, section 3.7.8 of your Registrar Accreditation Agreement obligates you to take reasonable steps to investigate each such report you receive. After you have completed your investigation and taken any appropriate action, please record the disposition of this report by submitting a Registrar Whois Correction Report at: http://www.internic.net/cgi/rpt_whois/update.cgi?rid=jo0tpjmLcZfyT3tE5CmCIg Thank you for your cooperation. If you have any questions, please feel free to contact Dan Halloran <halloran(a)icann.org>. BestRegards, ICANN Whois Problem Reports --------------------------- Name:INFORMANT_DELETED_BY_PETER_MOTT Email:INFORMANT_EMAIL_DELETED_BY_PETER_MOTT Domain:2day.com Registrar:DOMAINDISCOVER Errors in Registrant Information: Address:INCORRECT Phone:INCORRECT Description: No address or telephone number given. Errors in Administrative Contact Information: Address:INCORRECT Phone:INCORRECT Description: No address or telephone number given. Errors in Technical Contact Information: Address:INCORRECT Phone:INCORRECT Description: No address or telephone number given --------------------------- Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: 2DAY.COM Registrar: DOMAINDISCOVER Whois Server: whois.domaindiscover.com Referral URL: http://www.domaindiscover.com Name Server: NS3.2DAY.COM Name Server: NS1.2DAY.COM Name Server: NS2.2DAY.COM Status: ACTIVE Updated Date: 22-may-2003 Creation Date: 24-oct-1997 Expiration Date: 23-oct-2004 This WHOIS database is provided for information purposes only. We do not guarantee the accuracy of this data. The following uses of this system are expressly prohibited: (1) use of this system for unlawful purposes; (2) use of this system to collect information used in the mass transmission of unsolicited commercial messages in any medium; (3) use of high volume, automated, electronic processes against this database. By submitting this query, you agree to abide by this policy. Registrant: 2Day Internet Limited , US Domain Name: 2DAY.COM Administrative Contact, Technical Contact, Zone Contact: 2Day Internet Limited Mott, Peter , US peter(a)2DAY.COM Domain created on 23-Oct-1997 Domain expires on 22-Oct-2004 Last updated on 22-May-2003 Domain servers in listed order: NS1.2DAY.COM NS3.2DAY.COM NS2.2DAY.COM -- Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED http://www.2day.com "Hell, there are no rules here - we're trying to accomplish something!" Thomas A Edison

2 1

stream of Orcon spam
by Tony Wicks 18 Sep '03

18 Sep '03

Hi all, is anyone else seeing a constant stream of spam **again** emanating from Orcon ? ( now added to "hosts.deny" ) Received: from dbmail-mx1.orcon.co.nz (loadbalancer-VIP.orcon.net.nz [219.88.242.2]) by *removed* (8.12.8/8.12.8) with ESMTP id h8H63EcG011226 for <*removed*>; Wed, 17 Sep 2003 18:03:34 +1200 Received: from 219.88.242.10 ([218.63.107.253]) by dbmail-mx1.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id h8H61d2d006264 for <*removed*>; Wed, 17 Sep 2003 18:02:25 +1200 Received: from uvd.cixzx.net (HELO jk0) ([103.212.63.23]) by 219.88.242.10 id <2581790-60199> for <*removed*>; Wed, 17 Se p 2003 14:54:17 +0600 Message-ID: <b-1$-f$oj422x(a)c9n.dl4l.2h3y> From: "Iris Oliver" <q2djix5co3u(a)eguo.com> Reply-To: "Iris Oliver" <q2djix5co3u(a)eguo.com> To: <*removed*> Subject: Develop a Larger Penis in Weeks Received: from dbmail-mx3.orcon.co.nz (loadbalancer-VIP.orcon.net.nz [219.88.242.2]) by *removed* (8.12.8/8.12.8) with ESMTP id h8H5UvcG011061 for <*removed*>; Wed, 17 Sep 2003 17:30:58 +1200 Received: from modemcable084.162-202-24.hull.mc.videotron.ca (modemcable084.162-202-24.hull.mc.videotron.ca [24.202.162.84]) by dbmail-mx3.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id h8H5Tho7008819 for <*removed*>; Wed, 17 Sep 2003 17:29:45 +1200 Received: from [150.94.211.109] by modemcable084.162-202-24.hull.mc.videotron.ca; Wed, 17 Sep 2003 00:27:00 -0600 Message-ID: <u$1eo2yj-u36$gq(a)1sbkl8.s.c6l2y> From: "Brianna Avery" <25mypdms(a)gateway.com> Reply-To: "Brianna Avery" <25mypdms(a)gateway.com> To: *removed* Subject: *removed* male enhancement patch 3 qchywrehm

2 2

Email for domains hosted by 2day.com
by Stephen Sheehan 17 Sep '03

17 Sep '03

Hi, Does anybody have a workaround. for .nz MX records I would not have thought it would have been possible to break the MX DNS for a .NZ via a .com fuckup. I would think it can be fitted domestically untill the .com situation is sorted, it is afterall in the .nz namespace see below Thanks Stephen --- MAILER-DAEMON(a)yahoo.com wrote: > Date: 16 Sep 2003 23:46:40 -0000 > From: MAILER-DAEMON(a)yahoo.com > To: axpunix(a)yahoo.com > Subject: failure delivery > > Message from yahoo.com. > Unable to deliver message to the following > address(es). > > <erkel(a)eaudio.co.nz>: > 64.94.110.11 does not like recipient. > Remote host said: 550 User domain does not exist. > Giving up on 64.94.110.11. > > --- Original message follows. > > Return-Path: <axpunix(a)yahoo.com> > Message-ID: > <20030916234640.38894.qmail(a)web13601.mail.yahoo.com> > Received: from [165.84.100.16] by > web13601.mail.yahoo.com via HTTP; Tue, 16 Sep 2003 > 16:46:40 PDT > Date: Tue, 16 Sep 2003 16:46:40 -0700 (PDT) > From: Stephen Sheehan <axpunix(a)yahoo.com> > Subject: test > To: erkel(a)eaudio.co.nz > MIME-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > > test > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com

16 34

RE: [nznog] Email for domains hosted by 2day.com
by Michael Sutton 17 Sep '03

17 Sep '03

http://www.alexa.com/data/details/traffic_details?q=&url=verisign.com I support what ever can be done to bring Verisign into line... I have reviewed the link (above) showing the dramatic effect of Verisigns "e-jack" and wonder whether there may be a parallel to the similar situation were Worldcom highjacked telephone traffic in the US to route it via Canada in order to "deceive and defraud AT&T into paying termination fees." Doesn't this action unnecessarily generate revenue and costs for networks which send and receive traffic to/from verisign.com site... Who is winning here anyone besides Verisign... MSS INZ Councillor -----Original Message----- From: Keith Davidson [mailto:keith(a)wise.net.nz] Sent: Wednesday, September 17, 2003 08:30 To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Email for domains hosted by 2day.com Juha wrote: > Was thinking more about ICANN, actually. There doesn't appear to be any > mechanism to guard against the mistake that affected 2day.com. I realise > it's .com we're talking about, but it did affect .nz users as well. What Veri$ign wants, ICANN provides - and I've never seen the reverse occur. > Is it really a good idea to have a single point of failure like this? Definitely not. Keith Davidson _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

RE: [nznog] Email for domains hosted by 2day.com
by Michael Bordignon 17 Sep '03

17 Sep '03

> Don't forget that up until now Microsoft owned the World Wide Web. But Microsoft's implementation didn't break mail :) Michael

1 0

Vote Verisign CEO down
by Andy Gardner 17 Sep '03

17 Sep '03

http://www.forbes.com/2003/05/01/cx_ceointernetpoll.html Let's give him a 1% approval rating for September.

6 7

Domainz/SRS registrant data inaccuracies
by Juha Saarinen 17 Sep '03

17 Sep '03

Isn't there a requirement for registrants in .nz to provide accurate information? Look up: pheer.net.nz die.net.nz Does that look like a NZ phone number? Then there's waiariki.ac.nz, which was joe-jobbed by a spammer recently. The registrant and admin email bounces. -- Juha Saarinen

3 3