[21576] in North American Network Operators' Group
Re: Another origin IP
daemon@ATHENA.MIT.EDU (James McKenzie)
Mon Nov 16 20:14:34 1998
Date: Mon, 16 Nov 1998 16:00:27 -0800
To: rirving@onecall.net, nanog@merit.edu
From: James McKenzie <mcs@1ipnet.net>
In-Reply-To: <3650A443.A452D723@onecall.net>
That's a customer off of Digex
mcserver.com
detel, Inc (MCSERVER-DOM)
suite 332
2490 Black Rock Tnpk
fairfield, CT 06432
Domain Name: MCSERVER.COM
Administrative Contact, Technical Contact, Zone Contact:
Weinberg, Ed (EW286) edw@DETEL.COM
203-333-3675
Billing Contact:
Weinberg, Ed (EW286) edw@DETEL.COM
203-333-3675
Record last updated on 07-Jul-98.
Record created on 30-Jul-97.
Database last updated on 16-Nov-98 04:48:51 EST.
Domain servers in listed order:
NS1.DETEL.COM 209.119.115.65
NS2.DETEL.COM 208.242.122.10
Detel, Inc. (DETEL-DOM)
2490 Black Rock Trpk
Fairfield, CT 06430
Domain Name: DETEL.COM
Administrative Contact, Technical Contact, Zone Contact:
Weinberg, Ed (EW286) edw@DETEL.COM
203-333-3675
Billing Contact:
Weinberg, Ed (EW286) edw@DETEL.COM
203-333-3675
Record last updated on 26-Jul-98.
Record created on 27-Feb-96.
Database last updated on 16-Nov-98 04:48:51 EST.
Domain servers in listed order:
NS1.DETEL.COM 209.119.115.65
NS1.RESEARCH.TROY.NY.US 206.72.196.240
NS2.DETEL.COM 208.242.122.10
Another name server compremised. I think I'm seeing a pattern here.
Trying 209.119.115.65...
Connected to 209.119.115.65.
Escape character is '^]'.
Red Hat Linux release 5.1 (Manhattan)
Same as register.com
Currently I haven't seen this scan across my network.
James
At 05:16 PM 11/16/98 -0500, Richard Irving wrote:
>209.119.115.65
>
>telnetd a mile a minute.......
>
>
>
> to our DNS.
>
>Check yours !
>
>
James McKenzie
mcs@1ipnet.net
http://www.1ipnet.net
