Date: Sun, 30 Dec 2007 21:42:21 -0500
From: Michael Greb <mgreb@linode.com>
To: nanog@merit.edu
Subject: DreamHost Contact?
I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back.
I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that
Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or whatever via ssh?
I've opened an abuse ticket with the customer and given them 12 hours to respond.
--
Michael Greb
Linode.com, LLC
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 9B1
San Jose, CA 95134

I am perfectly capable of learning from my mistakes. I will surely learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision."

"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
Gregory Hicks <ghicks@cadence.com> writes:
Date: Sun, 30 Dec 2007 21:42:21 -0500 From: Michael Greb <mgreb@linode.com>
I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that
Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or whatever via ssh?
I'm with Gregory here. Between scp and port forwarding, there are plenty of explanations for lots of traffic on port 22. What exactly leads you to the conclusion that the traffic is "very likely undesirable"?

---rob
"Robert E. Seastrom" <rs@seastrom.com> writes:
Gregory Hicks <ghicks@cadence.com> writes:
Date: Sun, 30 Dec 2007 21:42:21 -0500 From: Michael Greb <mgreb@linode.com>
I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that
Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or whatever via ssh?
I'm with Gregory here. Between scp and port forwarding, there are plenty of explanations for lots of traffic on port 22. What exactly leads you to the conclusion that the traffic is "very likely undesirable"?
duh, UDP, not TCP. My bad. Yeah, this is a little bit weird.

---rob
On 12/30/2007 at 8:27 PM, Gregory Hicks <ghicks@cadence.com> wrote:
Date: Sun, 30 Dec 2007 21:42:21 -0500
From: Michael Greb <mgreb@linode.com>
To: nanog@merit.edu
Subject: DreamHost Contact?
I've attempted to contact DreamHost NOC or Abuse departments via the numbers in whois but just get voice mail and no call back.
I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22. This traffic is very likely undesirable and I'd be willing to pull the plug immediately if I can get confirmation from DreamHost. Failing that
Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or whatever via ssh?
SSH uses only TCP, not UDP. 22/udp traffic used to be indicative of old, buggy PCAnywhere. PCAnywhere is supposed to use 5632/udp (0x1600), but there was an endian bug in some old versions that had it using 0x0016, 22/udp. Haven't seen that for a long time. May or may not have anything to do with this traffic.
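The byte-order mix-up described in the last reply, as an added example that is not part of the original thread: a small triage pass over flow records that flags UDP traffic to ports with no known UDP service and checks whether the port is a byte-swapped form of one. It generalizes the 5632/22 case to other ports; the flow-line format, the `KNOWN_UDP` table and the function names are assumptions made for this example.

```python
import struct

# Assumed reference table for this example: a few UDP services and their usual ports.
KNOWN_UDP = {53: "DNS", 123: "NTP", 161: "SNMP", 5632: "pcAnywhere status"}

def byteswap16(port):
    """Reinterpret a 16-bit port that was written in the wrong byte order."""
    return struct.unpack("<H", struct.pack(">H", port))[0]

def triage(flow_lines):
    """Return (src, dst, dport, note) for UDP flows to ports with no known UDP service.

    Each input line is 'proto src dst dport packets' (a constructed format).
    The note names the service whose byte-swapped port matches, if any.
    """
    findings = []
    for line in flow_lines:
        fields = line.split()
        if len(fields) != 5 or fields[0].startswith("#"):
            continue  # skip blanks, comments and malformed lines
        proto, src, dst, dport, _packets = fields
        if proto.lower() != "udp" or not dport.isdigit():
            continue  # TCP to port 22 is ordinary SSH and is not flagged here
        port = int(dport)
        if not 0 < port <= 0xFFFF or port in KNOWN_UDP:
            continue
        swapped = byteswap16(port)
        if swapped in KNOWN_UDP:
            note = f"byte-swapped {swapped}/udp ({KNOWN_UDP[swapped]})?"
        else:
            note = "no byte-order explanation"
        findings.append((src, dst, port, note))
    return findings

# Constructed sample flows (documentation address ranges, not data from the thread).
SAMPLE = """\
udp 192.0.2.10 198.51.100.7 22 48211
tcp 192.0.2.11 198.51.100.7 22 950
udp 192.0.2.12 198.51.100.8 53 12
udp 192.0.2.13 198.51.100.9 13568 40
udp 192.0.2.14 198.51.100.9 4444 7
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

A match is only a hypothesis to check against the sending host; it does not by itself explain the traffic.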
participants (3): Crist Clark, Gregory Hicks, Robert E. Seastrom