North American Network Operators Group

Re: Exodus / Clue problems

  • From: James McKenzie
  • Date: Sun Nov 15 19:58:25 1998

 I sent this to him.  I'm posting it here as others are having problems
with the host.  I just had a customer of mine log a complaint, I've put
a call into the Exodus New Jersey facility.  They are paging their systems
Admin.

 James

>Date: Sun, 15 Nov 1998 15:21:36 -0800
>To: TTSG <[email protected]>
>From: James McKenzie <[email protected]>
>Subject: Re: Exodus / Clue problems
>In-Reply-To: <[email protected]>
>References: <[email protected]> from "James McKenzie" at Nov 15, 98 03:04:12 pm>
>
>#ftp 209.67.50.254
>
>Connected to 209.67.50.254.
>220 dns4.register.com FTP server (Version wu-2.4.2-academ[BETA-16](1) Thu May 7 23:18:05 EDT 1998) ready.
>Name (209.67.50.254:mcs): ^]q
>331 Password required for q.
>Password:
>530 Login incorrect.
>ftp: Login failed.
>Remote system type is UNIX.
>Using binary mode to transfer files.
>ftp> quit
>221 Goodbye.
>
>ns:22# nslookup dns4.register.com
>Server:  localhost
>Address:  127.0.0.1
>
>Non-authoritative answer:
>Name:    dns4.register.com
>Address:  209.67.50.254 
>
>Forman Interactive Corp (REGISTER-DOM)        REGISTER.COM
>Register.Com (DOMAIN-DIRECT-DOM)              DOMAIN-DIRECT.COM
>Register.Com (DOMAINS-DIRECT-DOM)             DOMAINS-DIRECT.COM
>Register.Com (YAHOO-REGISTER-DOM)             YAHOO-REGISTER.COM
>Register.Com (NETSCAPE-REGISTER-DOM)          NETSCAPE-REGISTER.COM
>Register.Com (EXCITE-REGISTER-DOM)            EXCITE-REGISTER.COM
>Register.Com (REGISTERYOURDOMAIN2-DOM)        REGISTERYOURDOMAIN.COM
>Register.Com (DOMAINSONSALE-DOM)              DOMAINSONSALE.COM
>Register.Com (DOMAINNAMESFORLESS-DOM)         DOMAINNAMESFORLESS.COM
>Register.Com (DOMAINS-DIRECTLY-DOM)           DOMAINS-DIRECTLY.COM
>Register.Com (TOREGISTER-DOM)                 TOREGISTER.COM
>Register.Com (SITEREGISTRATION2-DOM)          SITEREGISTRATION.COM
>register.com (CLOVERSKY-DOM)                  CLOVERSKY.COM
>
>
>Forman Interactive Corp (REGISTER-DOM)
>   201 Water St.
>   Brooklyn, NY 11201
>   USA
>
>   Domain Name: REGISTER.COM
>
>   Administrative Contact, Technical Contact, Zone Contact:
>      Forman, Internic  (PF61)  [email protected]
>      212-627-4988 (FAX) 212-627-6477
>   Billing Contact:
>      Forman, Internic  (PF61)  [email protected]
>      212-627-4988 (FAX) 212-627-6477
>
>   Record last updated on 25-Aug-98.
>   Record created on 01-Nov-94.
>   Database last updated on 15-Nov-98 04:46:26 EST.
>
>   Domain servers in listed order:
>
>   DNS1.REGISTER.COM            209.67.50.220  
>   DNS2.REGISTER.COM            209.67.50.241  
>
>
> web site http://www.register.com
>
>
> Looks like you might be looking at someone who's hacked their site, but
> this should help get you in touch with them.
>
>
>   James
>
>
>
>
>At 06:09 PM 11/15/98 -0500, you wrote:
>>> 
>>> 
>>>  I'm not exodus but I am a customer in their Santa Clara, Walsh facility.
>>> You sure got someone stupid.  
>>>  
>>>  What's the problem? Perhaps I can help get some help.
>>>
>>	Thanks.........
>>
>>	Actually, this is out of New Jersey...........
>>
>>	Looks like a heavy duty, repeated port scan..... 
>>heimdall:/home/ttsg# traceroute 209.67.50.254
>>traceroute to 209.67.50.254 (209.67.50.254), 30 hops max, 40 byte packets
>> 1  nac-wsh6-e0-10Mb.nac.net (207.99.55.6)  168.931 ms  169.109 ms  169.792 ms
>> 2  nac-wsh1-e0-10Mb.nac.net (207.99.55.1)  169.745 ms  169.32 ms  169.808 ms
>> 3  h2-0-401.frame1.whi.nac.net (209.123.11.93)  179.754 ms  179.293 ms  179.80s
>> 4  nac-globalcenter-Fa2-1-100mb.nac.net (207.99.5.191)  169.79 ms  179.18 ms  s
>> 5  vc37.atm1-0.cr1.DCA.globalcenter.net (206.132.191.162)  179.747 ms  199.092s
>> 6  * vnva-01.core.exodus.net (192.41.177.119)  190.242 ms  217.626 ms
>> 7  heva-02-h8-1-0.core.exodus.net (209.1.169.217)  191.728 ms  209.631 ms  209s
>> 8  heva-05-p1-0.core.exodus.net (209.185.249.38)  209.729 ms  179.74 ms  319.7s
>> 9  jcnj-06-p0-1.core.exodus.net (209.185.9.202)  259.623 ms  179.555 ms  199.8s
>>10  jcnj-01-p12-0-0.core.exodus.net (209.1.169.186)  229.731 ms  189.627 ms  17s
>>11  vlan921.rsm2-j8-b.lan.exodus.net (209.185.160.7)  189.733 ms  199.615 ms  1s
>>12  209.67.50.254 (209.67.50.254)  219.754 ms  199.405 ms  249.803 ms
>>
>>
>>	Seems to have slacked off after I set a few machines to do a fast
>>ping of it........
>>
>>			Tuc/TTSG 
>>>   James
>>> 
>>> At 05:38 PM 11/15/98 -0500, you wrote:
>>> >Hi,
>>> >
>>> >	Sorry to cross post, but is there anyone monitoring this list
>>> >from Exodus with 1/2 a clue who might be able to help me?  I called the
>>> >NOC with an in-progress abuse and was told :
>>> >
>>> >	1) We don't know who owns that IP
>>> >	2) We can't get into our own routers
>>> >	3) We don't have a ticket system
>>> >	4) The abuse people have a ticket system, but only if we
>>> >		can associate it to a customer (See #1)
>>> >	5) We don't know how often the "[email protected]" is checked
>>> >	6) Email us the logs, and thanks for calling.
>>> >
>>> >
>>> >	AAAAAAAAARRRRRRRRRRGGGGGGGGGGGHHHHHHHHHHHHH!!!!!!!!!!!!!!!
>>> >
>>> >			Tuc/TTSG
>>> >
>>> >
>>> 
>>>  James McKenzie
>>>  [email protected]
>>>  http://www.1ipnet.net
>>> 
>>
>>

 James McKenzie
 [email protected]
 http://www.1ipnet.net