[21500] in North American Network Operators' Group


Re: Exodus / Clue problems

daemon@ATHENA.MIT.EDU (Chuck Mead)
Mon Nov 16 02:20:46 1998

Date: Sun, 15 Nov 1998 21:28:31 -0500 (EST)
From: Chuck Mead <chuck@moongroup.com>
To: list@inet-access.net
cc: TTSG <ttsg@ttsg.com>, nanog@merit.edu
In-Reply-To: <19981115232414.6465.qmail@smx.pair.com>

On Sun, 15 Nov 1998 sigma@pair.com wrote:

> 
> Let me guess - the IP is 209.67.50.254, and they're trying to login to
> nameservers as "root", sometimes a dozen times per second?
> 
> Hello, filtering.
> 
> Kevin
> 
> > 	Sorry to cross post, but is there anyone monitoring this list
> > from Exodus with 1/2 a clue who might be able to help me?  I called the
> > NOC with an in-progress abuse and was told:
> > 
> > 	1) We don't know who owns that IP

That's funny...

[chuck@ws chuck]$ ping dns4.register.com
PING dns4.register.com (209.67.50.254): 56 data bytes
64 bytes from 209.67.50.254: icmp_seq=0 ttl=47 time=130.2 ms
64 bytes from 209.67.50.254: icmp_seq=1 ttl=47 time=132.8 ms
64 bytes from 209.67.50.254: icmp_seq=2 ttl=47 time=133.6 ms

--- dns4.register.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 130.2/132.2/133.6 ms

and it's Linux 5.1!

[chuck@server chuck]$ whois register-dom
[rs.internic.net]

Registrant:
Forman Interactive Corp (REGISTER-DOM)
   201 Water St.
   Brooklyn, NY 11201
   USA

   Domain Name: REGISTER.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Forman, Internic  (PF61)  internic@FORMAN.COM
      212-627-4988 (FAX) 212-627-6477
   Billing Contact:
      Forman, Internic  (PF61)  internic@FORMAN.COM
      212-627-4988 (FAX) 212-627-6477

   Record last updated on 25-Aug-98.
   Record created on 01-Nov-94.
   Database last updated on 15-Nov-98 04:46:26 EST.

   Domain servers in listed order:

   DNS1.REGISTER.COM            209.67.50.220
   DNS2.REGISTER.COM            209.67.50.241

So... either they're bad folks or they got hacked and the bad folks
are using their machine.  If they got hacked I'd say that's plenty
interesting...

209.67.50.254    22 ssh          Secure Shell - RSA encrypted rsh
                    -> SSH-1.5-1.2.26\n

Cheers!
--                         
Chuck Mead, CEO - Moongroup Consulting, Inc. <chuck@moongroup.com>
http://www.moongroup.com/
http://www.moongroup.com/unix/

There's no such thing as a free lunch.
                -- Milton Friedman
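The pattern Kevin describes above, one source trying "root" logins against nameservers a dozen times per second, is what a rate-based log detector is for. The block below is an added example, not code from the original thread or from any of the posters. It assumes syslog-style sshd "Failed password" lines in the current OpenSSH format rather than the 1998 SSH-1.5 log format; the sample lines are constructed for the example, the address 209.67.50.254 is the one named in the thread and is used here only as sample data, and 192.0.2.10 is a documentation address standing in for an ordinary host.

```python
# Added example, not part of the original NANOG thread: flag source IPs that
# produce a burst of failed "root" logins within a short window, the behaviour
# the thread complains about. Log lines are constructed in modern sshd syslog
# style; the 1998 hosts would have logged differently.

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches lines such as:
#   Nov 15 21:28:31 ns1 sshd[1234]: Failed password for root from 209.67.50.254 port 40112 ssh2
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

ATTACKER = "209.67.50.254"   # address from the thread, used only as sample data

# Constructed sample log: 13 failed root logins in one second from ATTACKER,
# plus a few ordinary lines from a documentation address (192.0.2.10).
SAMPLE_LOG = [
    f"Nov 15 21:28:31 ns1 sshd[{1000 + i}]: Failed password for root "
    f"from {ATTACKER} port {40000 + i} ssh2"
    for i in range(13)
] + [
    "Nov 15 21:28:32 ns1 sshd[1020]: Failed password for chuck from 192.0.2.10 port 5001 ssh2",
    "Nov 15 21:30:02 ns1 sshd[1021]: Failed password for root from 192.0.2.10 port 5002 ssh2",
    "Nov 15 21:30:09 ns1 sshd[1022]: Accepted publickey for chuck from 192.0.2.10 port 5003 ssh2",
]


def parse_line(line, year=1998):
    """Return (timestamp, user, ip) for a failed-login line, or None otherwise.
    syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def find_brute_forcers(lines, user="root", window=timedelta(seconds=1), threshold=10):
    """Return {ip: peak_count} for sources that exceed `threshold` failed logins
    for `user` inside any span of length `window` (the thread's "dozen per second").
    A per-source deque holds only the timestamps still inside the window."""
    recent = defaultdict(deque)
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, u, ip = parsed
        if u != user:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop attempts that aged out
            q.popleft()
        if len(q) > threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


if __name__ == "__main__":
    for ip, n in find_brute_forcers(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed root logins within one second; candidate for filtering")
```

Because syslog timestamps have one-second resolution, "a dozen per second" shows up as a dozen lines sharing the same second, which is exactly what the sliding window counts; raising `threshold` or widening `window` tunes it for slower, more patient sources.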
