Re: OT: do any comcast users ever get spam from comcastonline.com?
On Mon, 28 Jun 2004, William Ballard wrote:
> In addition to occasionally getting mails which appear to be from
> comcast from m0.net, I occasionally get emails with headers thusly:
[headers and links snipped]
> My email preferences say send me no emails and I've called Comcast
> several times and they said this is some sort of Phishing. The IP
> Address 198.178.10.193 is suspiciously close to 192.168.x.x, so maybe
> they are telling the truth.
In this case, that doesn't mean anything. Of course, 192.168.x.x is
reserved for internal use -- but it's the only IP block in that
neighborhood to be so reserved. That 198.178.x.x is close is
coincidence.
You can do some further checking in cases like these. First, do a
reverse-lookup on the IP. Often there's a reverse PTR record in DNS
telling you what the hostname is. This is easily accomplished with
host, dig, or nslookup. In this case, though, there doesn't seem to be
such a PTR record.
Also, try looking up who owns that address space. It's just:
whois <ip number>
The WHOIS database isn't always up-to-date, but it does have some info:
revolver: ~ % whois 198.178.10.193
Telecommunications, Inc. (TCI) TCI-NET3 (NET-198-178-10-0-1)
198.178.10.0 - 198.178.10.255
Telecommunications, Inc. (TCI) NETBLK-TCI-NET (NET-198-178-8-0-1)
198.178.8.0 - 198.178.15.255
IIRC, TCI was bought by AT&T Broadband, which was subsequently bought by
Comcast. So this might now be Comcast address space. It's not enough to
convict them by itself, but it suggests the spam is coming from their
network (if the headers can be trusted).
- Aaron
--
Aaron Hall : "Poor soul, very sad; her late husband,
ahall@vitaphone.net : you know, a very sad death -- eaten by
: missionaries, poor soul..."
: -- Rev. Wm. Spooner
Reply to: