[175652] in North American Network Operators' Group

Re: Trying to identify hosts

daemon@ATHENA.MIT.EDU (shawn wilson)
Mon Oct 27 13:21:56 2014

X-Original-To: nanog@nanog.org
In-Reply-To: <CAH_OBicOnYV53kJ84kq70QH-FvuNcC6TMdNabUL76CJn5=fzPg@mail.gmail.com>
From: shawn wilson <ag4ve.us@gmail.com>
Date: Mon, 27 Oct 2014 13:21:19 -0400
To: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Ok, got a few off-list replies that secureserver.net is GoDaddy, which
is fine - makes sense. I just wish this would link back to them easier
(some backup NS being something.godaddy.com or some SOA of an IP
listed in the SPF being something.godaddy.com or whatever).

Thank y'all for the info.

On Mon, Oct 27, 2014 at 11:57 AM, shawn wilson <ag4ve.us@gmail.com> wrote:
> We get lots of probes from subdomains of southwestdoor.com and
> secureserver.net's SOA and I'm curious who these guys are?
>
> The only web page I could find was southwestdoor redirects to
> http://www.arcadiacustoms.com and then to http://arcadia-custom.com/
> (a hardware company is causing unwanted network traffic - not unless
> they're owned)
>
> Traceroute for southwestdoor.com goes through secureserver.net and
> they have lots of references (in DNS) to themselves, jomax.net and
> domaincontrol.com.
>
> Can someone give me a better picture of how this all fits together on
> a company level - as in how do these guys make money and why are they
> probing our network? I understand scans from ISPs and colos, but I
> can't directly identify these guys as either.
