Re: Exodus / Clue problems

[James McKenzie <mcs () 1ipnet net>]

 I sent this to him.  I'm posting it here as others are having problems
with the host.  I just had a customer of mine log an a complaint, I've put
a call into the Exodus New Jersey facility.  They are paging there systems
Admin.

 James

> Date: Sun, 15 Nov 1998 15:21:36 -0800
> To: TTSG <ttsg () ttsg com>
> From: James McKenzie <mcs () 1ipnet net>
> Subject: Re: Exodus / Clue problems
> In-Reply-To: <199811152309.SAA28380 () heimdall ttsg com>
> References: <3.0.5.32.19981115150412.00aa7490 () mail 1ipnet net> from "James
McKenzie" at Nov 15, 98 03:04:12 pm>
> #ftp 209.67.50.254
>
> Connected to 209.67.50.254.
> 220 dns4.register.com FTP server (Version wu-2.4.2-academ[BETA-16](1) Thu
May 7
> 23:18:05 EDT 1998) ready.
> Name (209.67.50.254:mcs): ^]q
> 331 Password required for q.
> Password:
> 530 Login incorrect.
> ftp: Login failed.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> quit
> 221 Goodbye.
>
> ns:22# nslookup dns4.register.com
> Server:  localhost
> Address:  127.0.0.1
>
> Non-authoritative answer:
> Name:    dns4.register.com
> Address:  209.67.50.254 
>
> Forman Interactive Corp (REGISTER-DOM)
REGISTER.COM
> Register.Com (DOMAIN-DIRECT-DOM)
DOMAIN-DIRECT.COM
> Register.Com (DOMAINS-DIRECT-DOM)
DOMAINS-DIRECT.COM
> Register.Com (YAHOO-REGISTER-DOM)
YAHOO-REGISTER.COM
> Register.Com (NETSCAPE-REGISTER-DOM)
NETSCAPE-REGISTER.COM
> Register.Com (EXCITE-REGISTER-DOM)
EXCITE-REGISTER.COM
> Register.Com (REGISTERYOURDOMAIN2-DOM)
REGISTERYOURDOMAIN.COM
> Register.Com (DOMAINSONSALE-DOM)
DOMAINSONSALE.COM
> Register.Com (DOMAINNAMESFORLESS-DOM)
DOMAINNAMESFORLESS.COM
> Register.Com (DOMAINS-DIRECTLY-DOM)
DOMAINS-DIRECTLY.COM
> Register.Com (TOREGISTER-DOM)
TOREGISTER.COM
> Register.Com (SITEREGISTRATION2-DOM)
SITEREGISTRATION.COM
> register.com (CLOVERSKY-DOM)
CLOVERSKY.COM 
> Forman Interactive Corp (REGISTER-DOM)
>   201 Water St.
>   Brooklyn, NY 11201
>   USA
>
>   Domain Name: REGISTER.COM
>
>   Administrative Contact, Technical Contact, Zone Contact:
>      Forman, Internic  (PF61)  internic () FORMAN COM
>      212-627-4988 (FAX) 212-627-6477
>   Billing Contact:
>      Forman, Internic  (PF61)  internic () FORMAN COM
>      212-627-4988 (FAX) 212-627-6477
>
>   Record last updated on 25-Aug-98.
>   Record created on 01-Nov-94.
>   Database last updated on 15-Nov-98 04:46:26 EST.
>
>   Domain servers in listed order:
>
>   DNS1.REGISTER.COM            209.67.50.220  
>   DNS2.REGISTER.COM            209.67.50.241  
>
>
> web site http://www.register.com
>
>
> Looks like you might be looking at someone who's hacked there site, but
this should help get you in touch with them.
>   James
>
>
>
>
> At 06:09 PM 11/15/98 -0500, you wrote:
> > >  I'm not exodus but I am a customer in their Santa Clara, Walsh facility.
> > > You sure got someone stupid.  
> > >  
> > >  What's the problem? Perhaps I can help get some help.
> >      Thanks.........
> >
> >      Actually, this is out of New Jersey...........
> >
> >      Looks like a heavy duty, repeated port scan..... 
> > heimdall:/home/ttsg# traceroute 209.67.50.254
> > traceroute to 209.67.50.254 (209.67.50.254), 30 hops max, 40 byte packets
> > 1  nac-wsh6-e0-10Mb.nac.net (207.99.55.6)  168.931 ms  169.109 ms
169.792 ms
> > 2  nac-wsh1-e0-10Mb.nac.net (207.99.55.1)  169.745 ms  169.32 ms
169.808 ms
> > 3  h2-0-401.frame1.whi.nac.net (209.123.11.93)  179.754 ms  179.293 ms
179.80s
> > 4  nac-globalcenter-Fa2-1-100mb.nac.net (207.99.5.191)  169.79 ms
179.18 ms  s
> > 5  vc37.atm1-0.cr1.DCA.globalcenter.net (206.132.191.162)  179.747 ms
199.092s
> > 6  * vnva-01.core.exodus.net (192.41.177.119)  190.242 ms  217.626 ms
> > 7  heva-02-h8-1-0.core.exodus.net (209.1.169.217)  191.728 ms  209.631
ms  209s
> > 8  heva-05-p1-0.core.exodus.net (209.185.249.38)  209.729 ms  179.74 ms
319.7s
> > 9  jcnj-06-p0-1.core.exodus.net (209.185.9.202)  259.623 ms  179.555 ms
199.8s
> > 10  jcnj-01-p12-0-0.core.exodus.net (209.1.169.186)  229.731 ms  189.627
ms  17s
> > 11  vlan921.rsm2-j8-b.lan.exodus.net (209.185.160.7)  189.733 ms  199.615
ms  1s
> > 12  209.67.50.254 (209.67.50.254)  219.754 ms  199.405 ms  249.803 ms
> >
> >
> >      Seems to have slacked off after I set a few machines to do a fast
> > ping of it........
> >
> >                      Tuc/TTSG 
> > >   James
> > >
> > > At 05:38 PM 11/15/98 -0500, you wrote:
> > > > Hi,
> > > >
> > > >   Sorry to cross post, but is there anyone monitoring this list
> > > > from Exodus with 1/2 a clue who might be able to help me?  I called the
> > > > NOC with an in-progress abuse and was told :
> > > >
> > > >   1) We don't know who owns that IP
> > > >   2) We can't get into our own routers
> > > >   3) We don't have a ticket system
> > > >   4) The abuse people have a ticket system, but only if we
> > > >           can associate it to a customer (See #1)
> > > >   5) We don't know how often the "abuse@" is checked
> > > >   6) Email us the logs, and thanks for calling.
> > > >
> > > >
> > > >   AAAAAAAAARRRRRRRRRRGGGGGGGGGGGHHHHHHHHHHHHH!!!!!!!!!!!!!!!
> > > >
> > > >                   Tuc/TTSG
> > >
> > >  James McKenzie
> > >  mcs () 1ipnet net
> > >  http://www.1ipnet.net

 James McKenzie
 mcs () 1ipnet net
 http://www.1ipnet.net