[WikiEN-l] Reporting Grawp to Verizon

Dahsun dahsun at yahoo.com
Wed Jan 21 09:49:19 UTC 2009 

I reported Grawp to Verizon earlier this week and got the following response, I'm circulating it here so that others reporting vandals to ISPs can follow their format. But more importantly can anyone tell me how to work out Destination IP address & Destination port(s)?

Jonathan (WereSpielChequers)


--- On Tue, 20/1/09, abuse at verizon.net <abuse at verizon.net> wrote:

> From: abuse at verizon.net <abuse at verizon.net>
> Subject: Re: [AB-C24281409F] Threats by one of your customers to rape and bugger a Wikipedia user
> To: dahsun at yahoo.com
> Date: Tuesday, 20 January, 2009, 8:43 PM
> Thank you for writing.
> 
> Your report contained no log file excerpt, or incomplete
> information, and therefore cannot be investigated.
> 
> In order to investigate your report, please submit a new
> report with a log file excerpt providing the specific
> details for the malicious traffic specific to a Verizon
> Online customer only.
> 
> 
> Log file excerpts must be in plain text format, and
> include:
> 
>     - Source IP address
>     - Source port(s)
>     - Destination IP address
>     - Destination port(s)
>     - Date
>     - Specific time
>     - Time zone (in which the log file time stamp is
> recorded)
>     - Brief synopsis
> 
> 
> Additionally, please note that due to the number of reports
> we receive, reports with log files containing extraneous
> information not pertinent to the specific report cannot be
> accepted.
> 
> Verizon Internet Services Security can only take action in
> response to traffic initiated by Verizon Internet customers.
> Traffic from non-Verizon sources must be reported directly
> to the appropriate owner of the IP space that is initiating
> the traffic.
> 
> The following web site may be helpful in determining the
> owner of the originating IP space:
> 
> http://www.arin.net/whois
> 
> We hope this provides the necessary information in order to
> re-submit your report with the data needed, so that an
> investigation may be initiated.
> 
> 
> Sincerely,
> 
> Verizon Online Abuse
> http://www2.verizon.net/policies
> http://www.verizon.net/security
> Abuse at verizon.net
> 
> 
> ==== Original Message ====
> 1. Threats by one of your customers to rape and bugger a
> Wikipedia user
> Added by system at Monday, Jan 19 2009 09:17 am 
> X-MailFrom: dahsun at yahoo.com 
> X-RcptTo: security at abuse.mailsrvcs.net 
> Received: from [172.18.169.123] by [172.18.45.30] (abacus)
> for <security at abuse.mailsrvcs.net>; Mon Jan 19
> 09:17:21 2009 
> Received: from web54109.mail.re2.yahoo.com
> ([206.190.37.244]) 
>  by vms169123.mailsrvcs.net 
>  (Sun Java System Messaging Server 6.2-6.01 (built Apr  3
> 2006)) 
>  with SMTP id
> <0KDQ009N854X2XE0 at vms169123.mailsrvcs.net> for 
>  security at abuse.mailsrvcs.net (ORCPT security at verizon.net);
> Mon, 
>  19 Jan 2009 09:17:21 -0600 (CST) 
> Received: (qmail 55849 invoked by uid 60001); Mon, 19 Jan
> 2009 15:17:16 +0000 
> Received: from [82.44.83.239] by
> web54109.mail.re2.yahoo.com via HTTP; Mon, 
>  19 Jan 2009 07:17:15 -0800 (PST) 
> Date: Mon, 19 Jan 2009 07:17:15 -0800 (PST) 
> From: Dahsun <dahsun at yahoo.com> 
> Subject: Threats by one of your customers to rape and
> bugger a Wikipedia user 
> X-Originating-IP: [206.190.37.244] 
> To: security at verizon.net 
> Reply-to: dahsun at yahoo.com 
> Message-id:
> <462123.55297.qm at web54109.mail.re2.yahoo.com> 
> MIME-version: 1.0 
> X-Mailer: YahooMailWebService/0.7.260.1 
> Content-type: text/plain; charset=utf-8 
> Content-transfer-encoding: quoted-printable 
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;  s=s1024;
> d=yahoo.com; 
> 
> h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
> 
> 
> b=UCdIgtiXRsWAhvhf8NKxKxQ9vYZAubqs6qyz0NrAB/pmKuh9smtFqntcNLZlMn3JogFojttb5+1kt4vSpTuY3PRM/U7tKsL9V9SAfZbeWRWmaDZPYCrZ+4Pr4u4vkUSesUqSsiIeEaDbqMsMXcpQeVmdt+XY7HoPRdENdijxXWI=;
> 
> X-YMail-OSG:
> QZ3aUWQVM1nhCP1GFxfRrYCzIxcq6z0yNEov_Km_Tf4Ld5FhTFk- 
> 
> MIME element (text/plain) 
> Dear Verizon, 
>  
> According to ARIN 71.167.96.32 is one of your IP addresses.
> If so were you aware of this edit: 
>  
> http://en.wikipedia.org/w/index.php?title=User:Juliancolton&diff=prev&oldid=265081968
> 
>  
> One of a series of vandalisms on Wikipedia by that IP, and
> looking very similar to other vandalism on Wikipedia by
> various Verizon IP addresses. 
>  
> I expect that as a socially responsible company you have
> policies to deal with such incidents; however if you do
> decide to continue supplying Internet services to that
> particular customer would it be possible for you to assign
> them a permanent IP address so we can indefinitely block
> that particular address from editing Wikipedia? 
>  
> Yours Sincerely 
>  
> Dahsun

More information about the WikiEN-l mailing list