Forum: >>> Magnum BBS <<<

spam from MAROSNET (AS48666) and GMHOST-NET (AS201094) networks

From Ivan Shmakov@21:1/5 to All on Thu Nov 10 17:10:23 2016

XPost: news.admin.net-abuse.email

Ivan Shmakov <ivan@siamics.net> writes:

[...]

All the unwanted mail I saw before came from the 13 networks below,
which I've thus added to my 'rejectnet' set:

185.5.248.0/22 from AS: 48666 (upstreams: 12389 9002),
185.58.204.0/22 from AS: 48666 (upstreams: 12389 9002),
185.87.48.0/22 from AS: 48666 (upstreams: 12389 9002),
185.117.152.0/22 from AS: 48666 (upstreams: 12389 9002),
185.125.216.0/22 from AS: 48666 (upstreams: 12389 9002),
193.106.96.0/22 from AS: 48666 (upstreams: 12389 9002),
193.124.176.0/20 from AS: 48666 (upstreams: 12389 9002),
194.67.192.0/23 from AS: 48666 (upstreams: 12389 9002),
194.67.194.0/24 from AS: 48666 (upstreams: 12389 9002),
194.67.196.0/22 from AS: 48666 (upstreams: 12389 9002),
194.67.200.0/21 from AS: 48666 (upstreams: 12389 9002),
194.67.208.0/20 from AS: 48666 (upstreams: 12389 9002),

This has worked quite well until yesterday, when I've got yet
another message, this time from 95.46.99.0/24 (AS201094), very
similar to those I was getting from the MAROSNET networks.

I've mailed abuse at gmhost dot com dot ua, but seen no reply as
of yet. The hosts were thus added to my 'dropemall' set; while
the network (/24) made it straight to 'rejectnet'.

2016W45 dbjc@009msk.ru [95.46.99.232]
jsvj@give-gift.ru [95.46.99.233]

FTR, there were a couple more messages with similar Message-ID:
values (/^[0-9A-Z]{32}@/) that came from other networks; namely:

2016W44 aaasj800i1d3@sr.incl.ne.jp [219.121.225.37]
2016W42 lihong@mail.tjnu.edu.cn [202.113.96.4]

And just in the case someone gets curious, here's a partial
list of IPv4 addresses that were recently denied access to
TCP port 25 at my MX, in reverse chronological order.

## IPv4 days rDNS
94.142.140.44 0 vector2000.ru.
193.124.180.212 0 alpaper.ru.
194.67.198.162 0 raskat-servis.ru.
194.67.198.174 0 mmaweb.ru.
194.67.198.180 0 news40.ru.
194.67.213.188 0 kama-pv.ru.
194.67.213.192 0 lesaltai.ru.
185.58.205.61 1 wapmag.ru.
194.67.198.169 1 100euro.ru.
194.67.213.187 1 teko-pskov.ru.
194.67.213.190 1 fenecair.ru.
194.67.199.166 2 gazon72.ru.
194.67.213.189 2 ra-mart.ru.
185.5.250.180 3 warfilm.ru.
194.67.199.162 3 mmtours.ru.
185.87.48.120 7 sks26.ru.
185.87.48.203 7 mp3mw.ru.
185.87.51.60 7 flat-ice.ru.
193.124.183.150 7 free.marosnet.net.
194.67.213.186 7 tono-int.ru.
185.5.250.20 8 market-ur.ru.
193.124.181.229 8 free.marosnet.net.
194.67.198.197 8 da-lite.ru.
194.67.210.197 8 btforum.ru.
194.67.210.202 8 threeality.ru.
194.67.210.205 8 brook-bond.ru.
194.67.211.112 8 f-plast.ru.
194.67.212.211 8 dialint.ru.
194.67.212.188 9 gummail.ru.
194.67.213.191 9 ecc-inok.ru.

[...]

--
FSF associate member #7257 np. Dream Raga -- Jami Sieber 3013 B6A0 230E 334A

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Bob Worm
  Fri Apr 26 15:47:21 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 10:09:36 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 08:24:20 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 06:40:30 2024
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	296
Nodes:	16 (2 / 14)
Uptime:	83:09:12
Calls:	6,658
Calls today:	4
Files:	12,203
Messages:	5,333,522
Posted today:	1

spam from MAROSNET (AS48666) and GMHOST-NET (AS201094) networks

Who's Online

Recent Visitors

System Info