[101376] in North American Network Operators' Group
Re: DreamHost Contact?
daemon@ATHENA.MIT.EDU (Crist Clark)
Wed Jan 2 16:07:08 2008
Date: Wed, 02 Jan 2008 13:04:55 -0800
From: "Crist Clark" <Crist.Clark@globalstar.com>
To: "Gregory Hicks" <ghicks@cadence.com>, <mgreb@linode.com>,
<nanog@merit.edu>
In-Reply-To: <200712310427.lBV4R2s4004131@mailhub.Cadence.COM>
Errors-To: owner-nanog@merit.edu
>>> On 12/30/2007 at 8:27 PM, Gregory Hicks <ghicks@cadence.com> wrote:
>
>> Date: Sun, 30 Dec 2007 21:42:21 -0500
>> From: Michael Greb <mgreb@linode.com>
>> To: nanog@merit.edu
>> Subject: DreamHost Contact?
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I've attempted to contact DreamHost NOC or Abuse departments via the
>> numbers in whois but just get voice mail and no call back.
>>
>> I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22.
>> This traffic is very likely undesirable and I'd be willing to pull the
>> plug immediately if I can get confirmation from DreamHost. Failing that
>
> Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or
> whatever via ssh?

SSH uses only TCP, not UDP. 22/udp traffic used to be indicative of old,
buggy PCAnywhere. PCAnywhere is supposed to use 5632/udp (0x1600), but
there was an endian bug in some old versions that had it using 0x0016,
22/udp.

Haven't seen that for a long time. May or may not have anything to do with
this traffic.
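
The byte-order mix-up described in the reply above, as an added example that is not part of the original message: it swaps the two bytes of a UDP destination port and checks whether the result is a known service port, which is how 22/udp maps back to 5632/udp. The `flow` struct, the function names and the sample flows are constructed for illustration, and the one-entry port table holds only the port named in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Swap the two bytes of a 16-bit port: what ends up on the wire when a
 * little-endian host writes a port without converting to network order. */
static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

/* UDP service ports to test against; 5632 is the only one from the post. */
static const uint16_t known_udp[] = { 5632 };

/* Return the known port that dst_port is a byte-swapped form of, or 0. */
static uint16_t swapped_origin(uint16_t dst_port)
{
    uint16_t s = swap16(dst_port);
    for (size_t i = 0; i < sizeof known_udp / sizeof known_udp[0]; i++)
        if (known_udp[i] == s && s != dst_port)
            return s;
    return 0;
}

struct flow { int proto; uint16_t dport; };   /* proto: 6 = TCP, 17 = UDP */

/* Count UDP flows whose destination port is a byte-swapped known port. */
static int count_swapped(const struct flow *f, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (f[i].proto == 17 && swapped_origin(f[i].dport))
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed sample flows, not data from the thread. */
    const struct flow sample[] = { {6, 22}, {17, 22}, {17, 53}, {17, 5632} };
    size_t n = sizeof sample / sizeof sample[0];
    for (size_t i = 0; i < n; i++) {
        uint16_t o = swapped_origin(sample[i].dport);
        if (sample[i].proto == 17 && o)
            printf("udp/%u looks like byte-swapped udp/%u\n",
                   (unsigned)sample[i].dport, (unsigned)o);
    }
    printf("%d of %zu flows flagged\n", count_swapped(sample, n), n);
    return 0;
}
```

A match only says the port number is consistent with a byte-order bug; as the reply notes, it may or may not explain a given flow.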