RE: [nznog] an interesting excercise in whodoneit.
It's in a few DNSBLs but not specifically for being an open proxy or trojaned box. But if it's in dynamic space, it might have recently changed its IP address.

http://openrbl.org/

Lookup 67.172.127.63 (c-67-172-127-63.client.comcast.net) in 20+11 Zones
AS: 67.160.0.0/12 AS6172 HomeCorp Redwood City/California
Net 67/8 NET67 Chantilly, Virginia
Results: Positive=6, Negative=25 (2004-02-23 18:30:32 UTC)
@DYNAMIC/dialup: 67.172/16: 553 SORBS DUL
@SPAM/spamsource: 67.172.127/24: 553 SPEWS [1] comcast/attbi, see http://spews.org/ask.cgi?S2963
SORBS/sorbs.net: 67.172/16: 553 SORBS DUL [Remove]
SPEWS/spews.org: 67.172.127/24: 553 SPEWS2 [1] comcast/attbi, see http://spews.org/ask.cgi?S2963
RFC_IPWH/ipwhois.rfc-ignorant.org: Inaccurate or missing WHOIS data
BLARS/block.blars.org: INET 127.1.0.1
Negative 25: @COUNTRY @ISP AHBL BOGONS BONDED BOPM CBL DRBL DSBL FIVETEN INTERSIL JIPPGMA LNSG NJABL NOMORE ORDB PSBL PSS REYNOLDS SBL SPAMBAG SPAMCOP SPAMRBL SPAMSITE UCEPROT

cheers,
Jamie

-----Original Message-----
From: Jonathan Brewer [mailto:jon.brewer(a)worldnet.att.net]
Sent: Tuesday, 24 February 2004 6:14 a.m.
To: 'nznog NOG'
Subject: [nznog] an interesting excercise in whodoneit.
Hey Folks,
It's been a while since I've looked at email headers... Anyone want to tell me which of the below headers are real, and which (if any) are forged? Instinct would tell me that it's straight-forward, and someone rooted a box in the states on a cable modem, but I have no idea what to believe these days.
Cheers,
JB
------------------
Received: from newman.its.waikato.ac.nz ([130.217.66.62])
    by worldnet.att.net (mtiwmxc15) with ESMTP id <2004022316453701500ncss5e>;
    Mon, 23 Feb 2004 16:45:37 +0000
X-Originating-IP: [130.217.66.62]
Received: from newman.its.waikato.ac.nz (localhost [127.0.0.1])
    by newman.its.waikato.ac.nz (Postfix) with ESMTP id 4EC10127A79;
    Tue, 24 Feb 2004 05:45:34 +1300 (NZDT)
Received: from telescum (c-67-172-127-63.client.comcast.net [67.172.127.63])
    by newman.its.waikato.ac.nz (Postfix) with SMTP id AA66312782A for ;
    Tue, 24 Feb 2004 05:44:20 +1300 (NZDT)
From: Donald(a)newman.its.waikato.ac.nz, Neal(a)newman.its.waikato.ac.nz
To: the(a)newman.its.waikato.ac.nz, guys(a)newman.its.waikato.ac.nz
Message-Id: <20040223164420.AA66312782A(a)newman.its.waikato.ac.nz>
Date: Tue, 24 Feb 2004 05:44:20 +1300 (NZDT)
Cc:
Subject: [nznog] (no subject)
X-BeenThere: nznog(a)list.waikato.ac.nz
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: New Zealand Network Operators Group
List-Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/nznog, mailto:nznog-request(a)list.waikato.ac.nz?subject=unsubscribe
List-Archive: http://list.waikato.ac.nz/pipermail/nznog
List-Post: mailto:nznog(a)list.waikato.ac.nz
List-Help: mailto:nznog-request(a)list.waikato.ac.nz?subject=help
List-Subscribe: http://list.waikato.ac.nz/mailman/listinfo/nznog, mailto:nznog-request(a)list.waikato.ac.nz?subject=subscribe

-----Original Message-----
From: donald.neal(a)telecom.co.nz [mailto:donald.neal(a)telecom.co.nz]
Sent: Tuesday, February 24, 2004 5:54 AM
To: undisclosed-recipients:
Subject: [nznog] (no subject)
I like to heat p[enis da
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
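Added example, not part of either poster's message: one way to work through the Received chain quoted above. It walks the headers newest to oldest, keeps trusting only while each hop was stamped by a known server and the chain stays contiguous, and reports the first peer that is not a known relay, along with whether its HELO name agrees with the reverse DNS the server recorded. `TRUSTED_HOSTS` and `RELAY_IPS` are assumptions (that the reader trusts their own MX and the list server, and that 130.217.66.62 really is the list server).

```python
import re

# Received headers from the message quoted above, newest first. The address
# after "for" on the last hop is missing on the page, so it is omitted here.
RECEIVED = [
    "from newman.its.waikato.ac.nz ([130.217.66.62]) by worldnet.att.net "
    "(mtiwmxc15) with ESMTP id <2004022316453701500ncss5e>; "
    "Mon, 23 Feb 2004 16:45:37 +0000",
    "from newman.its.waikato.ac.nz (localhost [127.0.0.1]) by "
    "newman.its.waikato.ac.nz (Postfix) with ESMTP id 4EC10127A79; "
    "Tue, 24 Feb 2004 05:45:34 +1300 (NZDT)",
    "from telescum (c-67-172-127-63.client.comcast.net [67.172.127.63]) by "
    "newman.its.waikato.ac.nz (Postfix) with SMTP id AA66312782A; "
    "Tue, 24 Feb 2004 05:44:20 +1300 (NZDT)",
]
# Assumptions: servers whose stamps we believe, and the peer IPs that are ours.
TRUSTED_HOSTS = {"worldnet.att.net", "newman.its.waikato.ac.nz"}
RELAY_IPS = {"130.217.66.62"}

# "from <HELO> ([<rDNS> ][<IP>]) by <host>": HELO is whatever the client sent;
# the rDNS name and IP in parentheses are recorded by the receiving server.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(headers):
    return [m.groupdict() for m in map(HOP.search, headers) if m]

def find_entry_point(headers, trusted=TRUSTED_HOSTS, relay_ips=RELAY_IPS):
    """Return the first hop handed over by an outside peer, or None."""
    expected_by = None
    for depth, hop in enumerate(parse_hops(headers)):
        if hop["by"] not in trusted:
            return None  # stamped by a host we do not control: unverifiable
        if expected_by and hop["by"] != expected_by:
            return None  # chain not contiguous: this and older lines suspect
        internal = hop["ip"] in relay_ips or hop["ip"].startswith("127.")
        if not internal:
            return {"depth": depth, "ip": hop["ip"], "helo": hop["helo"],
                    "rdns": hop["rdns"], "recorded_by": hop["by"],
                    "helo_matches_rdns": hop["helo"] == hop["rdns"]}
        expected_by = hop["helo"]  # the next, older hop should be stamped by it
    return None

if __name__ == "__main__":
    print(find_entry_point(RECEIVED))
```

Any Received line older than the reported hop, had there been one, would have been supplied by the connecting client and could not be verified from the headers alone.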
participants (1)
-
Riden, Jamie