Security Incidents mailing list archives

Re: "Quova.net" (Exodus downstream customer)


From: rune () TRANS4MEDIA COM (Rune Kristian Viken)
Date: Tue, 20 Jun 2000 10:21:04 +0200


CC: abuse () exodus net - as it's obviously where it was sent.
CC: concerns () quova com - as they are the ones being defamed.

On Sat, 17 Jun 2000, measl () mfn org wrote:

>       What really bugs me is that the web site for the originator
> clearly implies that this type of illicit probing is what the company
> "does for a living": "Quova is a stealth-mode, Internet infrastructure
> company...".
>       This email is being posted to various lists in order to warn them
> of this "company"'s propensities, and to the fact that their traffic
> originates with Exodus...
>       Please put a stop to this.

Ahh, how I *love* clueless reports.  And how I *love* to get lists I subscribe
to trashed with ABUSE-mails.  *blarhg*

> Jun 15 19:51:19 65500 Deny ICMP:8.0 64.28.74.182 204.238.179.1 in via vx3

OK, let's see.

runevi@obelix:/home/runevi$ host -v 64.28.74.182 | grep PTR
182.74.28.64.IN-ADDR.ARPA       86035 IN        PTR     dcexbo200.quova.net

runevi@obelix:/home/runevi$ nslookup dcexbo200.quova.net
*** localhost can't find dcexbo200.quova.net: Non-existent host/domain

runevi@obelix:/home/runevi$ traceroute -f 13 64.28.74.182
traceroute to 64.28.74.182 (64.28.74.182), 30 hops max, 38 byte packets
13  dcr03-g1-0.wlhm01.exodus.net (64.14.70.49)  133.751 ms  149.299 ms  136.130 ms
14  64.14.80.130 (64.14.80.130)  136.162 ms  141.632 ms  136.408 ms
15  dcexbo200.quova.net (64.28.74.182)  134.493 ms  140.788 ms  148.129 ms

Okay.. exodus.net is upstream for this reverse-only domain.

runevi@obelix:/home/runevi$ host -l quova.net
quova.net name server ns1.quova.com
quova.net has address 208.37.145.34
ftp.quova.net has address 208.37.145.39
www.quova.net has address 205.177.226.233

hmm... quova.com host -l shows a bunch more IPs, and so forth.  Well.. it
seems the only thing resolving to exodus at all is the reverse-dns-lookup of
an IP ... the funny thing is, I cannot see how that can be quova.net's
responsibility.  Anyone can choose anything as reverse-dns for an IP.  I could
let one of my IPs reverse to "lets.show.him" if I want - just edit the
zonefile.

The point here is - you - measl () mfn org - are NOT showing how the IP you
mention is in connection with quova.net.  And, your quote from their
frontpage is - from what I just read at their frontpage, EXTREMELY MISPLACED.
Their company is an ISP or something.  Not a "probing company" - at least from
what I can determine.

--
"Rune Kristian Viken" <rune () trans4media com> <http://arcade.kvinesdal.com>
System, Network & Security Administrator.  Phone: (+47) 92 85 34 38
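
The manual steps in the reply above (look up the PTR for the source IP, then look the returned name up forwards) amount to a forward-confirmed reverse DNS check. The following is an added example, not part of the original post: `classify_ptr`, `classify_sample` and the sample tables are hypothetical names, and the PTR entry for 208.37.145.39 is constructed for contrast.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse lookup: names published by whoever controls the IP's reverse zone."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def forward_addrs(name):
    """Forward lookup: addresses published by whoever controls the name's zone."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify_ptr(ip, reverse=ptr_names, forward=forward_addrs):
    """Return (verdict, {ptr_name: forward_addresses}) for one source IP.

    confirmed   - some PTR name resolves back to the same IP
    unconfirmed - a PTR exists, but no name maps back (missing or mismatched)
    no-ptr      - nothing published in the reverse zone
    """
    ip = str(ipaddress.ip_address(ip))          # normalise, reject garbage
    names = reverse(ip)
    if not names:
        return "no-ptr", {}
    details = {n: sorted(forward(n)) for n in names}
    if any(ip in addrs for addrs in details.values()):
        return "confirmed", details
    return "unconfirmed", details

# Constructed lookup tables mirroring the session above, so this runs offline.
SAMPLE_PTR = {"64.28.74.182": ["dcexbo200.quova.net"],
              "208.37.145.39": ["ftp.quova.net"]}   # constructed PTR entry
SAMPLE_A = {"ftp.quova.net": {"208.37.145.39"},
            "www.quova.net": {"205.177.226.233"}}

def classify_sample(ip):
    return classify_ptr(ip, lambda i: SAMPLE_PTR.get(i, []),
                        lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("64.28.74.182", "208.37.145.39", "204.238.179.1"):
        print(ip, *classify_sample(ip))
```

An "unconfirmed" verdict means the PTR alone says nothing about who operates the address; the allocation holder for the IP block is the party to contact.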