David Smulsky wrote:
> Next, if you really think hes an intruder, go for the source,
> find an admin, or a ISP admin that hosts mump.bestiary.com
Careful here, since that's simply the PTR record for the IP address 204.225.173.21.
It's perfectly feasible, extremely easy and all-too-common for PTR records to be
out-of-date, misleading, or downright untruths.
In this case, the contact details for the netblock are:
OrgName: Mountain Lake Software Corporation
OrgID: MLSC-1
NetRange: 204.225.173.0 - 204.225.173.255
CIDR: 204.225.173.0/24
NetName: MTNNET
NetHandle: NET-204-225-173-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Assignment
NameServer: NS.TAPSCOTT.COM
NameServer: GEAR.TORQUE.NET
NameServer: NS3.TORQUE.NET
Comment:
RegDate: 1995-01-10
Updated: 1999-04-06
TechHandle: NA12-ORG-ARIN
TechName: Network Administrator
TechPhone: +1-416-367-7300
TechEmail: [EMAIL PROTECTED]
and for the domain 'bestiary.net':
Administrative Contact:
Pete Bevin
Pete Bevin
65 Empire Ave.
Toronto, ON M4M2L3
CA
Phone: (416) 461-5871
Email: [EMAIL PROTECTED]
Well, look. The area code's the same. You'll be needing to contact either of the two
listed above, and explain that MUMP.BESTIARY.NET is possibly cracked, or at the very
least being misused. If they're the ones being the bad person, they'll soon back off.
If however they're simply innocent bystanders and their machine has been broken into,
you can walk off safe in the knowledge that you've just done your bit to secure their
network. Especially as it's one of their primary nameservers. There, ain't that a nice
warm feeling? :)
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
