Re: Threats and Nasty Emails

[long-morrow @ CS . YALE . EDU]

Rob Sansom Network Admin.  Connectix Corp <sansom @
 connectix .
 com> wrote:
>Although this is not really related to firewalls, I was wondering If 
>anyone had a suggestion for a response to a belligerent individual who 
>has been threatening to 'mail bomb' our site, as well as slander our 
>company in the UK.  Apparently , this person is very disatisfied with the 
>performance of the product that they purchased, and the resulting 
>response from tech support.  I guess that they got so frustrated that 
>they sent a letter to 'root' at our site, and that's how I got involved.  
>I am wondering if a response to the 'postmaster, or root at their site 
>would be a good idea, or should I just let it be.  It's easy to block 
>access from their net, but I would rather not do this.  The net in 
>question is 'intonet.co.uk' and I have tried 'whois' on the domain to no 
>avail (to try to contact the net admin, God forbid this person should be 
>the net admin!), and if anyone has any information on a contact at 
>intonet.co.uk, I would greatly appreciarte any information.

1)

Socially, the firs response is always to ask the individual calmly and
privately to stop.  Sounds like that has already been down in this case.

2)

Next step is usually to contact the contact person(s) at their site.  I
did a telnet to info.ripe.net and found some information about 
Intonet ltd., their net and ISP.  British Telecom is apparently
their ISP (bt.net):

Interactive RIPE Whois Database server
inetnum:     194.73.231.0
netname:     BT-CUST-3
descr:       intonet ltd.
country:     GB
admin-c:     j bunyer
tech-c:      simon barnett
status:      ASSIGNED PA
changed:     Stewart .
 Mercer @
 bt .
 net 960319
source:      RIPE

route:       194.72.0.0/15
descr:       BTnet
origin:      AS2856
mnt-by:      BTNET-MNT
changed:     peter .
 willis @
 bt .
 net 951018
source:      RIPE
 
Here are two contacts at the company (both have the same email address on
intonet.co.uk ) and their -- exactly the same -- phone number(s):

 
person:      j bunyer
address:     millbourne house
address:     66-70 coombe road
address:     new malden
address:     surrey
address:     uk
address:     kt3 4qw
phone:       +44 1819429214
fax-no:      +44 1819498033
e-mail:      bunny @
 intonet .
 co .
 uk
changed:     Stewart .
 Mercer @
 bt .
 net 960319
source:      RIPE
 
person:      simon barnett
address:     millbourne house
address:     66-70 coombe road
address:     new malden
address:     surrey
address:     uk
address:     kt3 4qw
phone:       +44 1819429214
fax-no:      +44 1819498033
e-mail:      bunny @
 intonet .
 co .
 uk
changed:     Stewart .
 Mercer @
 bt .
 net 960319
source:      RIPE
 

3)
 
If contacting people at Intonet.co.uk doesn't work you might want to contact
their ISP.  Using the same whois search interface at info.ripe.net I found
that the primary administrative contact at BT.NET was Nigel Titley
( Nigel .
 Titley @
 bt .
 net ) and the primary technical contact was Peter Willis
( peter .
 willis @
 bt .
 net ).

Here is the information in RIPE whois format for Nigel Titley:

person:      Nigel Titley
address:     PP201
address:     Network House
address:     Brindley Way
address:     Apsley
address:     Hemel Hempstead
address:     Herts
address:     HP3 9RR
phone:       +44 1442 237674
fax-no:      +44 1442 237728
e-mail:      Nigel .
 Titley @
 bt .
 net
nic-hdl:     NT13
notify:      Nigel .
 Titley @
 bt .
 net
changed:     Nigel .
 Titley @
 bt .
 net 950306
changed:     Nigel .
 Titley @
 bt .
 net 941223
changed:     N .
 Titley @
 axion .
 bt .
 co .
 uk 920128
changed:     Nigel .
 Titley @
 axion .
 bt .
 co .
 uk 940711
changed:     dfk @
 cwi .
 nl 920129
source:      RIPE


Here is the information in RIPE whois format for Peter Willis :

person:      Peter Willis
address:     PP201
address:     Network House
address:     Brindley Way
address:     Apsley
address:     Hemel Hempstead
address:     Herts
address:     HP3 9RR
address:     GB
phone:       +44 1442 237673
fax-no:      +44 1442 237728
e-mail:      peter .
 willis @
 bt .
 net
nic-hdl:     PW19-RIPE
changed:     nigel .
 titley @
 bt .
 net 950306
changed:     peter .
 willis @
 bt .
 net 941118
changed:     hostmaster @
 ripe .
 net 950815
source:      RIPE

4)
 
The next step after talking to an ISP and getting no satisfaction would
be to contact your legal staff.  Successfully defending yourself against
slander from someone on another continent would appear to be a daunting
(and expensive) proposition.  Perhaps someone with a better knownledge
of English law....

5)

As to technical solutions -- if you just want to block someone's email
address (they can always change the email address their email comes from
though):

We've had real problems with obnoxious individuals abusing our e-mail->netnews
gateway (subscribing the alias feeds for newsgroups to tens of Internet
mailing lists etc. as part of some ongoing flame war in alt.gothic and
alt.college.college-bowl, etc.).

We created a spam filter which lets us block e-mail from being fed into
our local mail2news gateway.  It could possibly be adapted to serve
a a sendmail->sendmail filter as well (or you can use it to frontend
e-mail to aliases for your incoming email).

The README file is available via URLs:
 ftp://ftp.cs.yale.edu/pub/long/src/network/security/spammerjammer-1.2.README
 http://www.cs.yale.edu/pub/long/src/network/security/spammerjammer-1.2.README

The Gzipped tar file is available via URLs: 
 ftp://ftp.cs.yale.edu/pub/long/src/network/security/spammerjammer-1.2.tar.gz
 http://www.cs.yale.edu/pub/long/src/network/security/spammerjammer-1.2.tar.gz

----- 
H. Morrow Long, Mgr of Dev., Yale Univ., Comp Sci Dept, 011 AKW, New Haven, CT
06520-8285,	VOICE:	(203)-432-{1248,1254}		FAX:	(203)-432-0593