[ngw] GW Ceasing Support

Trevor Harrison trevor at harrison.org
Tue Jul 10 19:41:28 UTC 2001


Eric Toll wrote:

<snip>

> Ok, so now we know it didn't come from Novell.
>
> Has Microsoft lowered itself to paying "open relay" spammers to trash
> Novell?
>
> Looks pretty bad, they are using Exchange and forged their address,
> open relay etc.  Domain that email came from seems to belong to this guy.
>
>    Coordinator:
>       Elfellah, Khalid  (KE2214)  khalid at AIM.NET.MA
>       Global Digitec
>       7522 Campbell Rd. # 113-181
>       Dallas , TX 75248
>       972-669-5095
>
>
>    Hostname: DALLAS.AIM.NET.MA
>    Address: 194.204.208.66
>    System: ? running ?
>

Actually, AIM.NET.MA was just used as a relay.  The important line is the

Received: from asdf (139.177.224.64 [139.177.224.64]) by mail.q-texte.net.ma

The actual client that sent the email (and it appears to be a hand-typed 
SMTP conversation) was 139.177.224.64.  According to ARIN, that subnet 
belongs to HBO:

HBO & Company (NET-HBO)
   5995 Windward Parkway
   Alpharetta, GA 30005-4184
   US

   Netname: HBO
   Netblock: 139.177.0.0 - 139.177.255.255

   Coordinator:
      Rajagopalan, Umesh  (UR1-ARIN)  umesh.rajagopalan at hboc.com
      404-338-3329 (FAX) 404-338-5150

   Domain System inverse mapping provided by:

   DNS1.HBOCVAN.COM             139.177.224.79
   DNS2.HBOCVAN.COM             139.177.224.80

   Record last updated on 07-Sep-2000.
   Database last updated on 9-Jul-2001 23:05:15 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
Connection closed by foreign host.
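
The header reading described in the message above, as an added example that is not part of the original post: it walks the Received chain and reports the client recorded by the first relay instead of the relay itself. The top hop (mx.example.org, 192.0.2.10), the From and Subject lines, and all function names are constructed for illustration; only the last Received line comes from the post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message. The last Received line is the one quoted in the post;
# the top hop (mx.example.org, 192.0.2.10) is a placeholder for the
# recipient's own server and is not from the original headers.
RAW = """\
Received: from mail.q-texte.net.ma (unknown [192.0.2.10])
\tby mx.example.org with ESMTP
Received: from asdf (139.177.224.64 [139.177.224.64]) by mail.q-texte.net.ma
From: forged@example.com
Subject: constructed sample

body
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return Received hops newest-first, the order servers prepend them."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hop = m.groupdict()
            ipaddress.ip_address(hop["ip"])  # raises ValueError if malformed
            hops.append(hop)
    return hops

def submitting_client(hops):
    """Oldest hop: the client the first relay says connected to it."""
    return hops[-1] if hops else None

def hop_notes(hop):
    """Hints only: HELO is client-supplied, the bracketed IP is server-recorded."""
    notes = []
    if "." not in hop["helo"]:
        notes.append("HELO is not a fully qualified name")
    if hop["rdns"] in (hop["ip"], "unknown"):
        notes.append("no reverse DNS name recorded")
    return notes

if __name__ == "__main__":
    origin = submitting_client(parse_hops(RAW))
    print(origin["ip"], "->", origin["by"], hop_notes(origin))
```

A Received line is only as reliable as the server that wrote it: anything below the first header added by a server you trust can be inserted by the sender, so treat the oldest hop as a lead to verify, not as proof.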
