Spam from an IP range...

Kai Schaetzl maillists at conactive.com
Sun Feb 22 21:31:16 GMT 2009


Jason Ede wrote on Sun, 22 Feb 2009 09:06:42 +0000:

> Does anyone else know much about this range and if could just safely block the entire /24 range?

Just grep your logs and if there is no legitimate traffic, block the CIDR that 
includes all the mail you got.
It's common that ISP give whole netblocks to a client rack.
And contact the abuse dept. of that ISP in case it's not a safe haven.

OrgName:    WebHostPlus Inc 
OrgID:      WEBHO-3
Address:    1021 Market Street
City:       Paterson
StateProv:  NJ
PostalCode: 07513
Country:    US

ReferralServer: rwhois://whois.webhostplus.net:4321

NetRange:   209.152.160.0 - 209.152.191.255 
CIDR:       209.152.160.0/19 
NetName:    NET-209-152-160-0-19
NetHandle:  NET-209-152-160-0-2
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: DNS1.SPEEDHOSTING.COM
NameServer: DNS2.SPEEDHOSTING.COM
Comment:    
RegDate:    2002-06-12
Updated:    2008-02-25

OrgAbuseHandle: ABUSE396-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-212-600-9290
OrgAbuseEmail:  abuse at speedhosting.com

OrgTechHandle: WEBHO1-ARIN
OrgTechName:   Network Operations Center 
OrgTechPhone:  +1-212-600-6290
OrgTechEmail:  noc at speedhosting.com

# ARIN WHOIS database, last updated 2009-02-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





More information about the MailScanner mailing list