:. AMS-IX .: Amsterdam Internet Exchange

Abuse Procedures

Q: I received spam/UCE from you; what now?
A: Before sending a complaint, please take note of the following:
  1. The AMS-IX systems are part of the 91.200.16.0/22 network. If no system from that subnet appears in the message's Received headers, it did not originate from our systems.

  2. AMS-IX B.V. itself does not knowingly send out unsolicited advertising.

  3. If systems from the above-mentioned network (91.200.16.0/22) do show up in the Received headers, there are two possibilities:

    • The header is faked; we can easily check this by checking our mail logs.
    • We have been hacked or used as a relay; in that case, we will take immediate steps to fix the problem.

If you think the above applies to the spam you received, please forward the complete spam message, including all headers, to abuse@ams-ix.net.

Important: Remember to forward the full spam message, not just Outlook's idea of a message!
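The Received-header check from step 1 can be scripted. The following is an added example, not AMS-IX code: it pulls every IPv4 address out of a message's Received headers and classifies it against the two networks named in this FAQ. The sample message, its addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Networks exactly as stated in this FAQ (IPv4 only; the page lists no IPv6 ranges).
AMSIX_SYSTEMS = ipaddress.ip_network("91.200.16.0/22")  # AMS-IX B.V. systems
PEERING_LAN = ipaddress.ip_network("195.69.144.0/23")   # member routers on the peering LAN

# Dotted quads that are not embedded in a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def classify(addr):
    """Map one IPv4 address to the category this FAQ distinguishes."""
    ip = ipaddress.ip_address(addr)
    if ip in AMSIX_SYSTEMS:
        return "ams-ix-system"
    if ip in PEERING_LAN:
        return "peering-lan-router"
    return "other"

def received_hops(raw_message):
    """Return [(ip, category)] for each IPv4 literal in Received headers, newest hop first."""
    msg = message_from_string(raw_message)  # header values include folded continuation lines
    hops = []
    for header in msg.get_all("Received", []):
        for candidate in IPV4_RE.findall(header):
            try:
                hops.append((candidate, classify(candidate)))
            except ValueError:
                continue  # looked like an address but is not one, e.g. 999.1.1.1
    return hops

def should_forward_to_amsix(raw_message):
    """True only if an address from 91.200.16.0/22 appears in a Received header."""
    return any(kind == "ams-ix-system" for _, kind in received_hops(raw_message))

# Constructed sample: full headers of a spam message that never touched AMS-IX systems.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:00 +0000
Received: from relay.example.com (unknown [203.0.113.45])
\tby mx.example.net with SMTP; Mon, 01 Jan 2024 09:59:58 +0000
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for ip, kind in received_hops(SAMPLE):
        print(f"{ip:15} {kind}")
    print("forward to abuse@ams-ix.net:", should_forward_to_amsix(SAMPLE))
```

A match only means the message is worth forwarding with full headers; as noted above, the header may still be faked, which AMS-IX checks against its mail logs. The same `classify` call applies to the source address of a suspected port scan.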


Q: I received spam/UCE from your customer!
A:
  1. Please keep the following in mind:

    • AMS-IX is a Layer-2 Internet Exchange.
    • AMS-IX is not a transit IP provider.
    • AMS-IX is not an ISP.
    • AMS-IX has 298 customers (members), most of which are ISPs.
    • AMS-IX provides the infrastructure that enables its customers (members) to exchange IP traffic.

  2. Given the above, it is not surprising if a traceroute to the source of a spam message or a website advertised in that spam crosses the AMS-IX peering LAN (195.69.144.0/23).

  3. AMS-IX cannot police the IP traffic that ISPs exchange over the peering LAN. What two ISPs accept and don't accept from each other is their business. If a traceroute to a spam source crosses from provider A to provider B over the AMS-IX peering LAN, your best option is to contact provider A and/or B.

    See the diagram below. Given the likely multiple paths between you and a typical spammer, the best chance of success is to cut off the spammer at his ISP.

    [Diagram: Path from you to the spammer]


Q: You are scanning my ports, stop that!
A: We're not, honestly. Before complaining about a port scan, please take note of the following:
  1. The AMS-IX B.V. systems are part of the 91.200.16.0/22 network. If the source IP address of a port scan is not from that subnet, then it did not originate from our systems.
  2. Systems in the 195.69.144.0/23 network range are routers and are neither owned nor managed by AMS-IX.
  3. One or two packets do not yet constitute a port scan or hack attempt.

  4. Make sure this really is a port scan/hack attempt. Many "personal firewall" products are misconfigured and erroneously block bona fide packets. Remember, if your firewall complains, it may just be misconfigured.

  5. If your firewall is complaining about ICMP packets:
    • Do not complain about “ICMP type 3” packets.

      These packets are sent to your system because you are trying to contact another system that is unreachable for some reason. Change your firewall setup to allow these packets. If you are convinced that you didn't initiate a connection to the other (unreachable) system, check your firewall. Some firewalls try to gather information from the RIPE database using an IP address that is unreachable, and hence they receive the (valid) ICMP error code. Otherwise, update your virus checker and run a scan -- you may be harbouring a virus.

    • Make sure you have a basic understanding of what ICMP is before complaining about it. The following links may be helpful:
      tech.oneeyedcrow.net/icmp-filtering.html
      support.microsoft.com/?id=170292
      www.iana.org/assignments/icmp-parameters

If you still think you are being attacked, send a message to abuse@ams-ix.net containing at the very least the following information about the suspicious packets:

  • Source IP address.
  • Destination IP address.
  • Protocol (TCP, UDP, ICMP).
  • Relevant port numbers/type information.
  • Timestamps.

If your firewall is capable of creating plain text log files, please attach the log file (or relevant parts thereof) to your mail.

Important: Remember to include the above items in your message!
We cannot do anything without this information.