Exodus / Clue problems
James McKenzie
mcs at 1ipnet.net
Mon Nov 16 00:39:46 UTC 1998
I sent this to him. I'm posting it here as others are having problems
with the host. I just had a customer of mine log an a complaint, I've put
a call into the Exodus New Jersey facility. They are paging there systems
Admin.
James
>Date: Sun, 15 Nov 1998 15:21:36 -0800
>To: TTSG <ttsg at ttsg.com>
>From: James McKenzie <mcs at 1ipnet.net>
>Subject: Re: Exodus / Clue problems
>In-Reply-To: <199811152309.SAA28380 at heimdall.ttsg.com>
>References: <3.0.5.32.19981115150412.00aa7490 at mail.1ipnet.net> from "James
McKenzie" at Nov 15, 98 03:04:12 pm>
>
>#ftp 209.67.50.254
>
>Connected to 209.67.50.254.
>220 dns4.register.com FTP server (Version wu-2.4.2-academ[BETA-16](1) Thu
May 7
>23:18:05 EDT 1998) ready.
>Name (209.67.50.254:mcs): ^]q
>331 Password required for q.
>Password:
>530 Login incorrect.
>ftp: Login failed.
>Remote system type is UNIX.
>Using binary mode to transfer files.
>ftp> quit
>221 Goodbye.
>
>ns:22# nslookup dns4.register.com
>Server: localhost
>Address: 127.0.0.1
>
>Non-authoritative answer:
>Name: dns4.register.com
>Address: 209.67.50.254
>
>Forman Interactive Corp (REGISTER-DOM)
REGISTER.COM
>Register.Com (DOMAIN-DIRECT-DOM)
DOMAIN-DIRECT.COM
>Register.Com (DOMAINS-DIRECT-DOM)
DOMAINS-DIRECT.COM
>Register.Com (YAHOO-REGISTER-DOM)
YAHOO-REGISTER.COM
>Register.Com (NETSCAPE-REGISTER-DOM)
NETSCAPE-REGISTER.COM
>Register.Com (EXCITE-REGISTER-DOM)
EXCITE-REGISTER.COM
>Register.Com (REGISTERYOURDOMAIN2-DOM)
REGISTERYOURDOMAIN.COM
>Register.Com (DOMAINSONSALE-DOM)
DOMAINSONSALE.COM
>Register.Com (DOMAINNAMESFORLESS-DOM)
DOMAINNAMESFORLESS.COM
>Register.Com (DOMAINS-DIRECTLY-DOM)
DOMAINS-DIRECTLY.COM
>Register.Com (TOREGISTER-DOM)
TOREGISTER.COM
>Register.Com (SITEREGISTRATION2-DOM)
SITEREGISTRATION.COM
>register.com (CLOVERSKY-DOM)
CLOVERSKY.COM
>
>
>Forman Interactive Corp (REGISTER-DOM)
> 201 Water St.
> Brooklyn, NY 11201
> USA
>
> Domain Name: REGISTER.COM
>
> Administrative Contact, Technical Contact, Zone Contact:
> Forman, Internic (PF61) internic at FORMAN.COM
> 212-627-4988 (FAX) 212-627-6477
> Billing Contact:
> Forman, Internic (PF61) internic at FORMAN.COM
> 212-627-4988 (FAX) 212-627-6477
>
> Record last updated on 25-Aug-98.
> Record created on 01-Nov-94.
> Database last updated on 15-Nov-98 04:46:26 EST.
>
> Domain servers in listed order:
>
> DNS1.REGISTER.COM 209.67.50.220
> DNS2.REGISTER.COM 209.67.50.241
>
>
> web site http://www.register.com
>
>
> Looks like you might be looking at someone who's hacked there site, but
this should help get you in touch with them.
>
>
> James
>
>
>
>
>At 06:09 PM 11/15/98 -0500, you wrote:
>>>
>>>
>>> I'm not exodus but I am a customer in their Santa Clara, Walsh facility.
>>> You sure got someone stupid.
>>>
>>> What's the problem? Perhaps I can help get some help.
>>>
>> Thanks.........
>>
>> Actually, this is out of New Jersey...........
>>
>> Looks like a heavy duty, repeated port scan.....
>>heimdall:/home/ttsg# traceroute 209.67.50.254
>>traceroute to 209.67.50.254 (209.67.50.254), 30 hops max, 40 byte packets
>> 1 nac-wsh6-e0-10Mb.nac.net (207.99.55.6) 168.931 ms 169.109 ms
169.792 ms
>> 2 nac-wsh1-e0-10Mb.nac.net (207.99.55.1) 169.745 ms 169.32 ms
169.808 ms
>> 3 h2-0-401.frame1.whi.nac.net (209.123.11.93) 179.754 ms 179.293 ms
179.80s
>> 4 nac-globalcenter-Fa2-1-100mb.nac.net (207.99.5.191) 169.79 ms
179.18 ms s
>> 5 vc37.atm1-0.cr1.DCA.globalcenter.net (206.132.191.162) 179.747 ms
199.092s
>> 6 * vnva-01.core.exodus.net (192.41.177.119) 190.242 ms 217.626 ms
>> 7 heva-02-h8-1-0.core.exodus.net (209.1.169.217) 191.728 ms 209.631
ms 209s
>> 8 heva-05-p1-0.core.exodus.net (209.185.249.38) 209.729 ms 179.74 ms
319.7s
>> 9 jcnj-06-p0-1.core.exodus.net (209.185.9.202) 259.623 ms 179.555 ms
199.8s
>>10 jcnj-01-p12-0-0.core.exodus.net (209.1.169.186) 229.731 ms 189.627
ms 17s
>>11 vlan921.rsm2-j8-b.lan.exodus.net (209.185.160.7) 189.733 ms 199.615
ms 1s
>>12 209.67.50.254 (209.67.50.254) 219.754 ms 199.405 ms 249.803 ms
>>
>>
>> Seems to have slacked off after I set a few machines to do a fast
>>ping of it........
>>
>> Tuc/TTSG
>>> James
>>>
>>> At 05:38 PM 11/15/98 -0500, you wrote:
>>> >Hi,
>>> >
>>> > Sorry to cross post, but is there anyone monitoring this list
>>> >from Exodus with 1/2 a clue who might be able to help me? I called the
>>> >NOC with an in-progress abuse and was told :
>>> >
>>> > 1) We don't know who owns that IP
>>> > 2) We can't get into our own routers
>>> > 3) We don't have a ticket system
>>> > 4) The abuse people have a ticket system, but only if we
>>> > can associate it to a customer (See #1)
>>> > 5) We don't know how often the "abuse@" is checked
>>> > 6) Email us the logs, and thanks for calling.
>>> >
>>> >
>>> > AAAAAAAAARRRRRRRRRRGGGGGGGGGGGHHHHHHHHHHHHH!!!!!!!!!!!!!!!
>>> >
>>> > Tuc/TTSG
>>> >
>>> >
>>>
>>> James McKenzie
>>> mcs at 1ipnet.net
>>> http://www.1ipnet.net
>>>
>>
>>
James McKenzie
mcs at 1ipnet.net
http://www.1ipnet.net
More information about the NANOG
mailing list