[175647] in North American Network Operators' Group

Trying to identify hosts

daemon@ATHENA.MIT.EDU (shawn wilson)
Mon Oct 27 11:57:44 2014

X-Original-To: nanog@nanog.org
From: shawn wilson <ag4ve.us@gmail.com>
Date: Mon, 27 Oct 2014 11:57:15 -0400
To: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

We get lots of probes from subdomains of southwestdoor.com and
secureserver.net's SOA and I'm curious who these guys are?

The only web page I could find was southwestdoor redirects to
http://www.arcadiacustoms.com and then to http://arcadia-custom.com/
(a hardware company is causing unwanted network traffic - not unless
they're owned)

Traceroute for southwestdoor.com goes through secureserver.net and
they have lots of references (in DNS) to themselves, jomax.net and
domaincontrol.com.

Can someone give me a better picture of how this all fits together on
a company level - as in how do these guys make money and why are they
probing our network? I understand scans from ISPs and colos, but I
can't directly identify these guys as either.
