From owner-freebsd-questions Thu Feb 28 14:32: 0 2002 Delivered-To: freebsd-questions@freebsd.org Received: from chimera.noanet.net (chimera.noanet.net [66.119.192.4]) by hub.freebsd.org (Postfix) with ESMTP id EF60337B400 for ; Thu, 28 Feb 2002 14:31:49 -0800 (PST) Received: from [66.119.205.82] (mks-733.noanet.net [66.119.205.82]) by chimera.noanet.net (8.12.2/8.12.2) with ESMTP id g1SMU8Qf057082 for ; Thu, 28 Feb 2002 14:30:09 -0800 (PST) User-Agent: Microsoft-Entourage/10.0.0.1331 Date: Thu, 28 Feb 2002 14:31:49 -0800 Subject: Re: And the abuse continues... From: Michael Smith To: FreeBSD Questions Message-ID: In-Reply-To: <20020301082417.A57856@nucl03.anu.edu.au> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello: I don't think that name should even resolve; it's probably spoofed. hydra$ whois relaystopper.com Whois Server Version 1.3 Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. No match for "RELAYSTOPPER.COM". >>> Last update of whois database: Thu, 28 Feb 2002 05:25:39 EST <<< The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and Registrars. Here is the ARIN output for the IP. Not much help here because XO doesn't bother to sub-allocate their IP space. hydra$ arin 67.104.51.129 XO Communications (NET-XOXO-BLK-17) 1400 Parkmoor Avenue San Jose, CA 95126-3429 US Netname: XOXO-BLK-17 Netblock: 67.104.0.0 - 67.105.255.255 Maintainer: XOXO Coordinator: DNS and IP ADMIN (DIA-ORG-ARIN) hostmaster@CONCENTRIC.NET (408) 817-2800 Fax- - - (408) 817-2630 Domain System inverse mapping provided by: NAMESERVER1.CONCENTRIC.NET 207.155.183.73 NAMESERVER2.CONCENTRIC.NET 207.155.184.72 NAMESERVER3.CONCENTRIC.NET 206.173.119.72 NAMESERVER.CONCENTRIC.NET 207.155.183.72 Record last updated on 04-Feb-2002. Database last updated on 27-Feb-2002 19:57:58 EDT. The ARIN Registration Services Host contains ONLY Internet Network Information: Networks, ASN's, and related POC's. Please use the whois server at rs.internic.net for DOMAIN related Information and whois.nic.mil for NIPRNET Information. Mike On 2/28/02 1:24 PM, "Greg Lane" espoused: > On Thu, Feb 28, 2002 at 10:45:08AM -0500, Tim Wilde wrote: >> Well, the stuff from orbz.org is an automated relay tester. It's >> harmless, and some would consider it to be a good thing; in theory, at >> least, it will notify you if you happen to be running an open relay >> without knowing it. Some of the various other ones may also be part of >> the relay tests, or just random spammers doing their own relay scans. >> It's a normal part of being a host on the Internet, and as long as your >> mail server is secured, you should have nothing to worry about. > > Since this seems like an appropriate thread. The other day I had a few > attempts to connect to port 25 from 67.104.51.129. > > This resolves to mail.relaystopper.com, yet mail.relaystopper.com > doesn't resolve back to that IP. Traceroute back didn't tell me > anything either. > > I've never heard of this and couldn't find anything in a quick > google search. > > Does anyone know anything about this? It has such a suggestive name with > peculiar DNS! > > Greg > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- -------------------------------------------------------------------------- _ __ ____ ___ _ __ ______ ______ |Michael K. Smith / | / // __ \ / | / | / // ____//_ __/ |Chief IP Engineer / |/ // / / // /| | / |/ // __/ / / |mksmith@noanet.net / /| // /_/ // ___ | / /| // /___ / / |Cell: 206.579.8360 /_/ |_/ \____//_/ |_|/_/ |_//_____/ /_/ |Land: 206.783.3364 |Fax: 866.422.4887 |Pager: 800.696.6021 -------------------------------------------------------------------------- PGP Key: 485A 7807 2DFD CAC7 8E5D F348 4F19 89AC 0ED6 0B72 -------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message