nanog mailing list archives

Re: Exodus / Clue problems

From: Chuck Mead <chuck () moongroup com>
Date: Sun, 15 Nov 1998 21:28:31 -0500 (EST)

On Sun, 15 Nov 1998 sigma () pair com wrote:


Let me guess - the IP is 209.67.50.254, and they're trying to login to
nameservers as "root", sometimes a dozen times per second?

Hello, filtering.

Kevin

    Sorry to cross post, but is there anyone monitoring this list
from Exodus with 1/2 a clue who might be able to help me?  I called the
NOC with an in-progress abuse and was told :

    1) We don't know who owns that IP


That's funny...

[chuck@ws chuck]$ ping dns4.register.com
PING dns4.register.com (209.67.50.254): 56 data bytes
64 bytes from 209.67.50.254: icmp_seq=0 ttl=47 time=130.2 ms
64 bytes from 209.67.50.254: icmp_seq=1 ttl=47 time=132.8 ms
64 bytes from 209.67.50.254: icmp_seq=2 ttl=47 time=133.6 ms

--- dns4.register.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 130.2/132.2/133.6 ms           

and it's Linux 5.1!

[chuck@server chuck]$ whois register-dom
[rs.internic.net]

Registrant:
Forman Interactive Corp (REGISTER-DOM)
   201 Water St.
   Brooklyn, NY 11201
   USA

   Domain Name: REGISTER.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Forman, Internic  (PF61)  internic () FORMAN COM
      212-627-4988 (FAX) 212-627-6477
   Billing Contact:
      Forman, Internic  (PF61)  internic () FORMAN COM
      212-627-4988 (FAX) 212-627-6477

   Record last updated on 25-Aug-98.
   Record created on 01-Nov-94.
   Database last updated on 15-Nov-98 04:46:26 EST.

   Domain servers in listed order:

   DNS1.REGISTER.COM            209.67.50.220
   DNS2.REGISTER.COM            209.67.50.241

So... either they're bad folks or they got hacked and the bad folks
are using their machine.  If they got hacked I'd say that's plenty
interesting...

209.67.50.254    22 ssh          Secure Shell - RSA encrypted rsh
                    -> SSH-1.5-1.2.26\n

Cheers!
--                         
Chuck Mead, CEO - Moongroup Consulting, Inc. <chuck () moongroup com>
http://www.moongroup.com/
http://www.moongroup.com/unix/

There's no such thing as a free lunch.
                -- Milton Friendman

Current thread:

Re: Exodus / Clue problems, (continued)
- - - Re: Exodus / Clue problems TTSG (Nov 16)
    - Re: Exodus / Clue problems Roeland M.J. Meyer (Nov 15)
    - Re: Exodus / Clue problems Alex P. Rudnev (Nov 16)
    - Re: Exodus / Clue problems Jeff Carneal (Nov 16)
    - Re: Exodus / Clue problems Dan Hollis (Nov 15)
    - Re: Exodus / Clue problems Jon Lewis (Nov 15)
  - Re: Exodus / Clue problems Adam Rothschild (Nov 15)
    - Re: Exodus / Clue problems TTSG (Nov 15)
    - Re: Exodus / Clue problems TTSG (Nov 15)
  - Re: Exodus / Clue problems Dalvenjah FoxFire (Nov 15)
  - Re: Exodus / Clue problems Chuck Mead (Nov 15)
  - Re: Exodus / Clue problems brian moore (Nov 15)
    - Re: Exodus / Clue problems TTSG (Nov 15)
  - Re: Exodus / Clue problems alex (Nov 16)
    - Re: Exodus / Clue problems Steven J. Sobol (Nov 16)
    - Message not available
    - Re: Exodus / Clue problems Steve Noble (Nov 18)
    - Re: Exodus / Clue problems Steven J. Sobol (Nov 18)
- Re: Exodus / Clue problems Adam Rothschild (Nov 15)
- Re: Exodus / Clue problems James McKenzie (Nov 15)
- Re: Exodus / Clue problems James McKenzie (Nov 15)
  - Re: Exodus / Clue problems Adam Rothschild (Nov 15)

(Thread continues...)