North American Network Operators Group

Re: Exodus / Clue problems

  • From: Chuck Mead
  • Date: Mon Nov 16 02:19:39 1998

On Sun, 15 Nov 1998 [email protected] wrote:

> 
> Let me guess - the IP is 209.67.50.254, and they're trying to login to
> nameservers as "root", sometimes a dozen times per second?
> 
> Hello, filtering.
> 
> Kevin
> 
> > 	Sorry to cross post, but is there anyone monitoring this list
> > from Exodus with 1/2 a clue who might be able to help me?  I called the
> > NOC with an in-progress abuse and was told :
> > 
> > 	1) We don't know who owns that IP

That's funny...

[[email protected] chuck]$ ping dns4.register.com
PING dns4.register.com (209.67.50.254): 56 data bytes
64 bytes from 209.67.50.254: icmp_seq=0 ttl=47 time=130.2 ms
64 bytes from 209.67.50.254: icmp_seq=1 ttl=47 time=132.8 ms
64 bytes from 209.67.50.254: icmp_seq=2 ttl=47 time=133.6 ms

--- dns4.register.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 130.2/132.2/133.6 ms           

and it's Linux 5.1!

[[email protected] chuck]$ whois register-dom
[rs.internic.net]

Registrant:
Forman Interactive Corp (REGISTER-DOM)
   201 Water St.
   Brooklyn, NY 11201
   USA

   Domain Name: REGISTER.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Forman, Internic  (PF61)  [email protected]
      212-627-4988 (FAX) 212-627-6477
   Billing Contact:
      Forman, Internic  (PF61)  [email protected]
      212-627-4988 (FAX) 212-627-6477

   Record last updated on 25-Aug-98.
   Record created on 01-Nov-94.
   Database last updated on 15-Nov-98 04:46:26 EST.

   Domain servers in listed order:

   DNS1.REGISTER.COM            209.67.50.220
   DNS2.REGISTER.COM            209.67.50.241

So... either they're bad folks or they got hacked and the bad folks
are using their machine.  If they got hacked I'd say that's plenty
interesting...

209.67.50.254    22 ssh          Secure Shell - RSA encrypted rsh
                    -> SSH-1.5-1.2.26\n

Cheers!
--                         
Chuck Mead, CEO - Moongroup Consulting, Inc. <[email protected]>
http://www.moongroup.com/
http://www.moongroup.com/unix/

There's no such thing as a free lunch.
                -- Milton Friedman