On Sun, 15 Nov 1998 sigma@pair.com wrote:
Let me guess - the IP is 209.67.50.254, and they're trying to log in to nameservers as "root", sometimes a dozen times per second?
Hello, filtering.
Kevin
Sorry to cross post, but is there anyone monitoring this list from Exodus with 1/2 a clue who might be able to help me? I called the NOC with an in-progress abuse and was told:
1) We don't know who owns that IP
That's funny...

[chuck@ws chuck]$ ping dns4.register.com
PING dns4.register.com (209.67.50.254): 56 data bytes
64 bytes from 209.67.50.254: icmp_seq=0 ttl=47 time=130.2 ms
64 bytes from 209.67.50.254: icmp_seq=1 ttl=47 time=132.8 ms
64 bytes from 209.67.50.254: icmp_seq=2 ttl=47 time=133.6 ms
--- dns4.register.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 130.2/132.2/133.6 ms

and it's Linux 5.1!

[chuck@server chuck]$ whois register-dom
[rs.internic.net]

Registrant:
Forman Interactive Corp (REGISTER-DOM)
   201 Water St.
   Brooklyn, NY 11201
   USA

   Domain Name: REGISTER.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Forman, Internic (PF61) internic@FORMAN.COM
      212-627-4988 (FAX) 212-627-6477
   Billing Contact:
      Forman, Internic (PF61) internic@FORMAN.COM
      212-627-4988 (FAX) 212-627-6477

   Record last updated on 25-Aug-98.
   Record created on 01-Nov-94.
   Database last updated on 15-Nov-98 04:46:26 EST.

   Domain servers in listed order:

   DNS1.REGISTER.COM 209.67.50.220
   DNS2.REGISTER.COM 209.67.50.241

So... either they're bad folks or they got hacked and the bad folks are using their machine. If they got hacked I'd say that's plenty interesting...

209.67.50.254 22 ssh Secure Shell - RSA encrypted rsh -> SSH-1.5-1.2.26\n

Cheers!

--
Chuck Mead, CEO - Moongroup Consulting, Inc. <chuck@moongroup.com>
http://www.moongroup.com/
http://www.moongroup.com/unix/
There's no such thing as a free lunch. -- Milton Friedman