Date: Sun, 15 Nov 1998 15:21:36 -0800
To: TTSG <ttsg@ttsg.com>
From: James McKenzie <mcs@1ipnet.net>
Subject: Re: Exodus / Clue problems
In-Reply-To: <199811152309.SAA28380@heimdall.ttsg.com>
References: <3.0.5.32.19981115150412.00aa7490@mail.1ipnet.net> from "James McKenzie" at Nov 15, 98 03:04:12 pm>
#ftp 209.67.50.254
Connected to 209.67.50.254.
220 dns4.register.com FTP server (Version wu-2.4.2-academ[BETA-16](1) Thu May 7 23:18:05 EDT 1998) ready.
Name (209.67.50.254:mcs): ^]q
331 Password required for q.
Password:
530 Login incorrect.
ftp: Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.

ns:22# nslookup dns4.register.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
Name: dns4.register.com
Address: 209.67.50.254
Forman Interactive Corp (REGISTER-DOM) REGISTER.COM
Register.Com (DOMAIN-DIRECT-DOM) DOMAIN-DIRECT.COM
Register.Com (DOMAINS-DIRECT-DOM) DOMAINS-DIRECT.COM
Register.Com (YAHOO-REGISTER-DOM) YAHOO-REGISTER.COM
Register.Com (NETSCAPE-REGISTER-DOM) NETSCAPE-REGISTER.COM
Register.Com (EXCITE-REGISTER-DOM) EXCITE-REGISTER.COM
Register.Com (REGISTERYOURDOMAIN2-DOM) REGISTERYOURDOMAIN.COM
Register.Com (DOMAINSONSALE-DOM) DOMAINSONSALE.COM
Register.Com (DOMAINNAMESFORLESS-DOM) DOMAINNAMESFORLESS.COM
Register.Com (DOMAINS-DIRECTLY-DOM) DOMAINS-DIRECTLY.COM
Register.Com (TOREGISTER-DOM) TOREGISTER.COM
Register.Com (SITEREGISTRATION2-DOM) SITEREGISTRATION.COM
register.com (CLOVERSKY-DOM) CLOVERSKY.COM

Forman Interactive Corp (REGISTER-DOM)
201 Water St.
Brooklyn, NY 11201
USA

Domain Name: REGISTER.COM

Administrative Contact, Technical Contact, Zone Contact:
Forman, Internic (PF61) internic@FORMAN.COM
212-627-4988 (FAX) 212-627-6477
Billing Contact:
Forman, Internic (PF61) internic@FORMAN.COM
212-627-4988 (FAX) 212-627-6477

Record last updated on 25-Aug-98.
Record created on 01-Nov-94.
Database last updated on 15-Nov-98 04:46:26 EST.

Domain servers in listed order:

DNS1.REGISTER.COM 209.67.50.220
DNS2.REGISTER.COM 209.67.50.241
web site http://www.register.com
Looks like you might be looking at someone who's hacked their site, but
I sent this to him. I'm posting it here as others are having problems with the host. I just had a customer of mine log a complaint, and I've put a call into the Exodus New Jersey facility. They are paging their systems admin. James, this should help get you in touch with them.
James
At 06:09 PM 11/15/98 -0500, you wrote:
I'm not Exodus, but I am a customer in their Santa Clara, Walsh facility. You sure got someone stupid.
What's the problem? Perhaps I can help get some help.
Thanks.........
Actually, this is out of New Jersey...........
Looks like a heavy duty, repeated port scan.....

heimdall:/home/ttsg# traceroute 209.67.50.254
traceroute to 209.67.50.254 (209.67.50.254), 30 hops max, 40 byte packets
 1 nac-wsh6-e0-10Mb.nac.net (207.99.55.6) 168.931 ms 169.109 ms 169.792 ms
 2 nac-wsh1-e0-10Mb.nac.net (207.99.55.1) 169.745 ms 169.32 ms 169.808 ms
 3 h2-0-401.frame1.whi.nac.net (209.123.11.93) 179.754 ms 179.293 ms 179.80s
 4 nac-globalcenter-Fa2-1-100mb.nac.net (207.99.5.191) 169.79 ms 179.18 ms s
 5 vc37.atm1-0.cr1.DCA.globalcenter.net (206.132.191.162) 179.747 ms 199.092s
 6 * vnva-01.core.exodus.net (192.41.177.119) 190.242 ms 217.626 ms
 7 heva-02-h8-1-0.core.exodus.net (209.1.169.217) 191.728 ms 209.631 ms 209s
 8 heva-05-p1-0.core.exodus.net (209.185.249.38) 209.729 ms 179.74 ms 319.7s
 9 jcnj-06-p0-1.core.exodus.net (209.185.9.202) 259.623 ms 179.555 ms 199.8s
10 jcnj-01-p12-0-0.core.exodus.net (209.1.169.186) 229.731 ms 189.627 ms 17s
11 vlan921.rsm2-j8-b.lan.exodus.net (209.185.160.7) 189.733 ms 199.615 ms 1s
12 209.67.50.254 (209.67.50.254) 219.754 ms 199.405 ms 249.803 ms
Seems to have slacked off after I set a few machines to do a fast ping of it........
Tuc/TTSG
James
At 05:38 PM 11/15/98 -0500, you wrote:
Hi,
Sorry to cross post, but is there anyone monitoring this list from Exodus with 1/2 a clue who might be able to help me? I called the NOC with an in-progress abuse and was told:

1) We don't know who owns that IP
2) We can't get into our own routers
3) We don't have a ticket system
4) The abuse people have a ticket system, but only if we can associate it to a customer (See #1)
5) We don't know how often the "abuse@" is checked
6) Email us the logs, and thanks for calling.
AAAAAAAAARRRRRRRRRRGGGGGGGGGGGHHHHHHHHHHHHH!!!!!!!!!!!!!!!
Tuc/TTSG
James McKenzie mcs@1ipnet.net http://www.1ipnet.net
James McKenzie mcs@1ipnet.net http://www.1ipnet.net