Info for all

[Joe O'Sullivan]

If you have had the pleasure of mail from Paul...@HushMail.com
here is their reply

Hello,

Thanks for your email. I've received a number of complaints regarding
paul...@hushmail.com,

and we will be disabling his account within the hour. We apologize for

any inconvenience this user has caused.

Should you have any other questions or comments, please contact me. I'm

happy to assist you.

All the best,

TeamHush

[ninai@cyber-tech-computer-remove]

One more of his accounts done for. I, for one, really appreciate you
and Gordon Scott and the others who know how to read the headers,
track down the ISP's and report these idiots.

Thank you all again for doing what you can to at least slow
him down. Too bad his parents don't look over his shoulder once in
a while to see what their "lil darlin" is up to.

Nina Irwin

[Darrell]

Good work Joe. On another note, I'm surprised that HushMail makes such
little effort in hiding the true user name. Naturally, in this case I'm
glad that don't.

Darrell

"Joe O'Sullivan" <jo...@vossnet.co.uk> wrote in message
news:97811502...@serv3.vossnet.co.uk...

[Bill]

> we will be disabling his account within the hour

When are you people going to learn? We based accounts are free for the taking.
Five minutes after they close his account he'll have another. You want to do
something constructive? Go to his ISP.
-----
Email is filtered at the server.

[Darrell]

From what you see in his message source, who do you believe is his isp?
Just asking to learn.

Thanks

"Bill" <crash...@cs.com> wrote in message
news:20001229145402...@ng-fw1.news.cs.com...

[Bill]

>From what you see in his message source, who do you believe is his isp?

As I recall, in his initial mailings his originating IP indicated that he was
using an ISP in North Carolina. Later, after this fact was posted he apparently
started using a proxy server in Europe. I no longer receive any mail from him
so I can't tell you what the most recent ones indicate.

[Patricia A. Shaffer]

Last 1 MBs came from a server in Finland ... report to postmaster
bounced, and was referred to US upstream of the Finn and to my own
upstream.

--
Patricia

Proud Citizen of the Commonwealth of Virginia
"Anti-spammers are the immune system of the Internet." (CDR M. Dobson)
"The spam wars are about rendering email useless for unsolicited
advertising before unsolicited advertising renders email useless
for communication."(Walter Dnes/Jeff Wynn) Opt-out is cop-out! <http://www.cauce.org>

[Joe O'Sullivan]

It is easy to use a fake proxy there are loads out there, maybe he will just
grow up

Sorry Darrell

Joe
"Darrell" <Dar...@nospam.com> wrote in message
news:s1836.494$ws2....@ord-read.news.verio.net...

[Paul Zest The Man]

PAUL ZEST THE MAN @ !!! SHADOWVX.COM !!!
*** HTTP://WWW.SHADOWVX.COM/4Q ***

In article <e99q4tkcq5ckm13p4...@4ax.com>,

Sent via Deja.com
http://www.deja.com/

[Darrell]

Thanks for the info. However, SamSpade.org is reeling undering DOS attacks
at the moment. Will try again later.
Always happy to learn something new.

"bunnyip" <bun...@never.ireland.for.com.spam> wrote in message
news:hjaq4tksj1m5q323s...@4ax.com...
> [this seems to have hit the bit-bucket on the first attempt, apologies
> if you see 2 copies]

>
> "Darrell" <Dar...@nospam.com> wrote:
>
> >From what you see in his message source, who do you believe is his isp?
> >Just asking to learn.
>

> Why don't you grab yourself a copy of Sam Spade from
> http://www.samspade.org/ssw/ and play with it?
>
> A good place to start is with: Tools/Parse Email Headers - paste a
> complete usenet post, complete with *all* headers (or just the
> headers) into the window and hit the Parse button. Spade will open two
> new windows, one being a ready-rolled email for sending to abuse (if
> required) and the other will contain your entry with all hostnames,
> email addresses etc. highlighted. If you click on a highlighted item
> you can then use the tools on the toolbar on this host/email address
> etc.
>
> A quick look at Mr. Spam Zest's header info shows that he is posting
> from piiska.pitek.fi, so he's probably tunneling through it from a
> hidden ip address. Pitek seems to be (have been?) an ISP (my Finnish
> ain't so hot!) - www.pitek.fi redirects to www.icl.fi (yeah, ICL), so
> I searched for Pitek on Hotbot to find www.pitek.fi/suomi.html as a
> potential link... yes it works, and from there various phone contact
> numbers can be found. It looks like very little happens at Pitek these
> days - none of the web pages I checked have been updated in a long
> time, and all links to the home page lead to the newer page that
> redirects to ICL.
>
> I reckon that if someone got onto ICL Finland about this problem then
> they would get it sorted out really quickly, as presently they appear
> to be responsible for Pitek. I doubt that a prestigious computer
> company would want to be associated in any way with Mr. Zest's posts.
> Then Mr. Zest will have to look for another host to tunnel through -
> not quite as easy as finding a new throwaway email address.
>
> His site is hosted by Burst Net - see www.burst.net/policy.shtml for a
> moron-friendly AUP. Not much hope of a violation here.
>
> bunnyip

[Bill]

>His site is hosted by Burst Net

You still don't get it, do you?

[Lurker]

"bunnyip" <bun...@never.ireland.for.com.spam> wrote in message

news:2d4q4t06ld6usvmo6...@4ax.com...

>
> Why don't you grab yourself a copy of Sam Spade from
> http://www.samspade.org/ssw/ and play with it?
>

If you have alot of patience right now. posted here
http://www.samspade.org/ is this note.

"Recent sluggishness has been caused by a series of denial of
service attacks from Israeli ISPs.
I'm currently blocking most of netvision.net.il and barakitc.co.il."

> bunnyip

Regards,
Paul

[Patricia A. Shaffer]

On Sat, 30 Dec 2000 04:59:28 GMT, "Darrell" <Dar...@nospam.com> wrote:

>Thanks for the info. However, SamSpade.org is reeling undering DOS attacks
>at the moment. Will try again later.
>Always happy to learn something new.

That's why I have more than one way to track ... <g> There are a number
of places online that do it; here are a couple:

<http://codeflux.com/tools/>
<http://combat.uxn.com/>

[Bart Bailey]

Patricia A. Shaffer wrote:

> On Sat, 30 Dec 2000 04:59:28 GMT, "Darrell" <Dar...@nospam.com> wrote:
>
> >Thanks for the info. However, SamSpade.org is reeling undering DOS attacks
> >at the moment. Will try again later.
> >Always happy to learn something new.
>
> That's why I have more than one way to track ... <g> There are a number
> of places online that do it; here are a couple:
>
> <http://codeflux.com/tools/>
> <http://combat.uxn.com/>

Do you ever wonder if, by revealing your resources during your battles, that maybe you
are just supplying the coordinates for another ddos strike?

~~Bart~~

[Fred Adaires]

> Then Mr. Zest will have to look for another host to tunnel through -
> not quite as easy as finding a new throwaway email address.
>

> bunnyip

You kiddin?

Fred

[Patricia A. Shaffer]

On Sat, 30 Dec 2000 12:26:50 -0800, Bart Bailey <nos...@all.thanks>
wrote:

Battles? Me? I'm just a peaceable lady, looking to learn how to
protect myself. <g>

Actually, it has occurred to me that foolish folks might attempt to mess
up things, but I figure everyone else needs to know some decent tracking
resources ... I *do* have other resources, of course: two other programs
on my machine, plus the old DOS commands which are a bit harder to work
with, but are usable in a pinch, and half a dozen less publicised web
sites. Then, too, I've bunches of friends world-wide, in the
anti-spammer camp, that would be glad to track for me, should I be taken
down.

Besides ... a DDoS will bring the big guns to bear quicker than anything
else ... stir the pot a bit, doncha know. ;^> The point is, we are all
in this together, and the more folks who have access to worthy tracking
resources, the better off we'll all be.

--
Patricia

Proud Citizen of the Commonwealth of Virginia