NNTP IP Address spoofing, tracing abuse

Alex Miller bind-users-nospam at bannerclub.com
Thu Feb 17 15:46:53 UTC 2000


Dear bind users,

I am trying to identify a person who posted a really
bad usenet posting on the internet. Of course, this
happens frequently, so I'm asking questions because
it is a general problem, not just a specific one.

The usenet posting was posted to dozens of different
usenet groups with the username bonnie_jouhari at my-deja.com
and a subject of "I'm Sorry". Bonnie Jouhari is a housing
activist who has been stalked by neo-nazis, and this
posting, using her name, is a death threat against her.

Here's my methodology on searching, any suggestions would be
helpful.

1) Using deja.com, I search for bonnie_jouhari at my-deja.com
2) I identify news groups that contain the "I'm Sorry"
posting. There are a LOT of them, since it was posted
many times, cross-posting about 4 times each.
3) Look up those newsgroups using a non-browser based usenet
reader like Netscape Messenger.
4) Find the "I'm Sorry" posting and look at the NNTP IP address.
5) Perform an reverse lookup on the IP address, either through
a product like WS_PING, or nslookup with in-addr.
6) Use a whois database to find the contact person for that
nntp server.

Then from there?

For information on the real Bonnie Jouhari, check out
http://www.hatewatch.org/interviews/jouhari.html

You may email me at alex at hatewatch.org

Thanks,

Alex Miller, director of cybergood.net, non-profit
ISP for hatewatch.org

-----------------------------------------
Signature:
the email address this is sent from
is may be an anti-spam defense. Ignore it
completely.  Instead, rely on an email
address I have already provided or
<mailto:reply-nospam at bannerclub.com>
removing the "-nospam"



More information about the bind-users mailing list