Spam from an IP range...
Kai Schaetzl
maillists at conactive.com
Sun Feb 22 21:31:16 GMT 2009
Jason Ede wrote on Sun, 22 Feb 2009 09:06:42 +0000:
> Does anyone else know much about this range and if could just safely block the entire /24 range?
Just grep your logs and if there is no legitimate traffic, block the CIDR that
includes all the mail you got.
It's common that ISP give whole netblocks to a client rack.
And contact the abuse dept. of that ISP in case it's not a safe haven.
OrgName: WebHostPlus Inc
OrgID: WEBHO-3
Address: 1021 Market Street
City: Paterson
StateProv: NJ
PostalCode: 07513
Country: US
ReferralServer: rwhois://whois.webhostplus.net:4321
NetRange: 209.152.160.0 - 209.152.191.255
CIDR: 209.152.160.0/19
NetName: NET-209-152-160-0-19
NetHandle: NET-209-152-160-0-2
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.SPEEDHOSTING.COM
NameServer: DNS2.SPEEDHOSTING.COM
Comment:
RegDate: 2002-06-12
Updated: 2008-02-25
OrgAbuseHandle: ABUSE396-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-212-600-9290
OrgAbuseEmail: abuse at speedhosting.com
OrgTechHandle: WEBHO1-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-212-600-6290
OrgTechEmail: noc at speedhosting.com
# ARIN WHOIS database, last updated 2009-02-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list