Date: Thu, 28 Feb 2002 14:31:49 -0800 From: Michael Smith <mksmith@noanet.net> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: And the abuse continues... Message-ID: <B8A3EFD5.41DB%mksmith@noanet.net> In-Reply-To: <20020301082417.A57856@nucl03.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello: I don't think that name should even resolve; it's probably spoofed. hydra$ whois relaystopper.com Whois Server Version 1.3 Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. No match for "RELAYSTOPPER.COM". >>> Last update of whois database: Thu, 28 Feb 2002 05:25:39 EST <<< The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and Registrars. Here is the ARIN output for the IP. Not much help here because XO doesn't bother to sub-allocate their IP space. hydra$ arin 67.104.51.129 XO Communications (NET-XOXO-BLK-17) 1400 Parkmoor Avenue San Jose, CA 95126-3429 US Netname: XOXO-BLK-17 Netblock: 67.104.0.0 - 67.105.255.255 Maintainer: XOXO Coordinator: DNS and IP ADMIN (DIA-ORG-ARIN) hostmaster@CONCENTRIC.NET (408) 817-2800 Fax- - - (408) 817-2630 Domain System inverse mapping provided by: NAMESERVER1.CONCENTRIC.NET 207.155.183.73 NAMESERVER2.CONCENTRIC.NET 207.155.184.72 NAMESERVER3.CONCENTRIC.NET 206.173.119.72 NAMESERVER.CONCENTRIC.NET 207.155.183.72 Record last updated on 04-Feb-2002. Database last updated on 27-Feb-2002 19:57:58 EDT. The ARIN Registration Services Host contains ONLY Internet Network Information: Networks, ASN's, and related POC's. Please use the whois server at rs.internic.net for DOMAIN related Information and whois.nic.mil for NIPRNET Information. Mike On 2/28/02 1:24 PM, "Greg Lane" <gregory.lane@anu.edu.au> espoused: > On Thu, Feb 28, 2002 at 10:45:08AM -0500, Tim Wilde <twilde@dyndns.org> wrote: >> Well, the stuff from orbz.org is an automated relay tester. It's >> harmless, and some would consider it to be a good thing; in theory, at >> least, it will notify you if you happen to be running an open relay >> without knowing it. Some of the various other ones may also be part of >> the relay tests, or just random spammers doing their own relay scans. >> It's a normal part of being a host on the Internet, and as long as your >> mail server is secured, you should have nothing to worry about. > > Since this seems like an appropriate thread. The other day I had a few > attempts to connect to port 25 from 67.104.51.129. > > This resolves to mail.relaystopper.com, yet mail.relaystopper.com > doesn't resolve back to that IP. Traceroute back didn't tell me > anything either. > > I've never heard of this and couldn't find anything in a quick > google search. > > Does anyone know anything about this? It has such a suggestive name with > peculiar DNS! > > Greg > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- -------------------------------------------------------------------------- _ __ ____ ___ _ __ ______ ______ |Michael K. Smith / | / // __ \ / | / | / // ____//_ __/ |Chief IP Engineer / |/ // / / // /| | / |/ // __/ / / |mksmith@noanet.net / /| // /_/ // ___ | / /| // /___ / / |Cell: 206.579.8360 /_/ |_/ \____//_/ |_|/_/ |_//_____/ /_/ |Land: 206.783.3364 |Fax: 866.422.4887 |Pager: 800.696.6021 -------------------------------------------------------------------------- PGP Key: 485A 7807 2DFD CAC7 8E5D F348 4F19 89AC 0ED6 0B72 -------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B8A3EFD5.41DB%mksmith>