Re: OT: do any comcast users ever get spam from comcastonline.com?

From: Aaron Hall (lisps_at_vitaphone.net)
Date: 07/01/04

  • Next message: William Ballard: "Re: OT: do any comcast users ever get spam from comcastonline.com?"
    Date: Thu, 1 Jul 2004 00:23:53 -0500 (CDT)
    To: debian-user <debian-user@lists.debian.org>
    
    

    On Mon, 28 Jun 2004, William Ballard wrote:

    > In addition to occasionally getting mails which appear to be from
    > comcast from m0.net, I occasionally get emails with headers thusly:

    [headers and links snipped]

    > My email preferences say send me no emails and I've called Comcast
    > several times and they said this is some sort of Phishing. The IP
    > Address 198.178.10.193 is suspiciously close to 192.168.x.x, so maybe
    > they are telling the truth.

    In this case, that doesn't mean anything. Of course, 192.168.x.x is
    reserved for internal use -- but it's the only IP block in that
    neighborhood to be so reserved. That 198.178.x.x is close is
    coincidence.

    You can do some further checking in cases like these. First, do a
    reverse-lookup on the IP. Often there's a reverse PTR record in DNS
    telling you what the hostname is. This is easily accomplished with
    host, dig, or nslookup. In this case, though, there doesn't seem to be
    such a PTR record.

    Also, try looking up who owns that address space. It's just:

        whois <ip number>

    The WHOIS database isn't always up-to-date, but it does have some info:

        revolver: ~ % whois 198.178.10.193
        Telecommunications, Inc. (TCI) TCI-NET3 (NET-198-178-10-0-1)
                                         198.178.10.0 - 198.178.10.255
        Telecommunications, Inc. (TCI) NETBLK-TCI-NET (NET-198-178-8-0-1)
                                         198.178.8.0 - 198.178.15.255

    IIRC, TCI was bought by AT&T Broadband, which was subsequently bought by
    Comcast. So this might now be Comcast address space. It's not enough to
    convict them by itself, but it suggests the spam is coming from their
    network (if the headers can be trusted).

    - Aaron

    -- 
    Aaron Hall           :         "Poor soul, very sad; her late husband,
    ahall@vitaphone.net  :          you know, a very sad death -- eaten by
                         :          missionaries, poor soul..."
                         :                              -- Rev. Wm. Spooner
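
Added example, not part of the original message: the checks described above (is the address in reserved private space, what name a reverse PTR lookup queries, which WHOIS block covers it), done offline in Python against the WHOIS lines quoted in the message. The function names and the RFC 1918 list are this example's own assumptions.

```python
import ipaddress
import re

# RFC 1918 private blocks; 192.168.0.0/16 is the one the quoted question has in mind.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# WHOIS lines copied from the message above (prompt line omitted).
WHOIS_OUTPUT = """\
Telecommunications, Inc. (TCI) TCI-NET3 (NET-198-178-10-0-1)
                                 198.178.10.0 - 198.178.10.255
Telecommunications, Inc. (TCI) NETBLK-TCI-NET (NET-198-178-8-0-1)
                                 198.178.8.0 - 198.178.15.255
"""

HANDLE_RE = re.compile(r"\((NET-[\d-]+)\)\s*$")
RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+-\s+(\d+\.\d+\.\d+\.\d+)\s*$")


def parse_whois_ranges(text):
    """Return [(handle, [networks])] from handle-line / range-line pairs."""
    blocks, handle = [], None
    for line in text.splitlines():
        m = HANDLE_RE.search(line)
        if m:
            handle = m.group(1)
            continue
        m = RANGE_RE.match(line)
        if m and handle:
            first, last = (ipaddress.ip_address(g) for g in m.groups())
            nets = list(ipaddress.summarize_address_range(first, last))
            blocks.append((handle, nets))
            handle = None
    return blocks


def triage(ip_text, whois_text):
    """Summarise what can be said about one address without any network access."""
    ip = ipaddress.ip_address(ip_text)
    return {
        "rfc1918": any(ip in net for net in RFC1918),
        "ptr_name": ip.reverse_pointer,  # the name host/dig -x would look up
        "whois_blocks": [(handle, str(net))
                         for handle, nets in parse_whois_ranges(whois_text)
                         for net in nets if ip in net],
    }


if __name__ == "__main__":
    for key, value in triage("198.178.10.193", WHOIS_OUTPUT).items():
        print(key, "=", value)
```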
    
