Sam spade?

Thread: Sam spade?

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    7

    Sam spade?

    Hello all: I appear to have just been scanned on several high number ports (2200's). I did a trace with sam spade and found many "bogus rDNS, host not found, authoritive". What is this?
    "I've entered the rabbit hole and I'm looking how deep it is."

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    It just means that Sam Spade can't get back any RDNS value (sometimes this is found with DHCP addys). IIRC, some of the DNS turned this off to Sam Spade because of the amount of traffic generated (for some reason this sticks in my head). Overall, you should be able to figure out the source anyways based on the FQDN since it usually gives you an indication of source.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    This is telling you that there is no DNS record for the IP address you provided to SamSpade. Can you provide the IP address? I'm *sure* that myself and others can give you a little more info if we have the addy.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    Thanks so far. Here is what zone alarm is tellin me.
    1. IP=64.124.83.125.80
    2. address=ak.bluestreak.com
    3. Scanned a lot of the ports in the mid 2200 range. (ie: 2259, 2249,2256 and others in this range)

    When I did a google on the ak.bluestreak.com I got a did not find? If I do an ak.bluestreak I get a whole lotta weird replies? (Remember I am new to all of this) Not straight forward google replies, if this makes any sense?
    I also got several scans from another IP 209.8.166.168.80.akamai.com?
    Spyware? Skriptkiddies? Worm? Thanks in advance. learnin...
    "I've entered the rabbit hole and I'm looking how deep it is."

  5. #5
    Banned
    Join Date
    Mar 2002
    Posts
    594
    That IP addy is too long, I don't think that last 80 should be there.. that's a port isn't it?
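
Added example, not part of any post in this thread: a small Python helper that splits the firewall's `address.port` notation quoted above into IP, port and trailing name, then runs a reverse lookup with forward confirmation, which is one common way to vet a PTR name. The function names, status strings and stub resolvers are assumptions made for this illustration; the stubs return constructed answers so the block runs offline.

```python
import ipaddress
import socket

def split_endpoint(text):
    """Split firewall notation such as '64.124.83.125.80' or
    '209.8.166.168.80.akamai.com' into (ip, port, trailing_name)."""
    labels = text.strip().split(".")
    if len(labels) < 4:
        raise ValueError(f"not an IPv4 endpoint: {text!r}")
    # IPv4Address rejects octets outside 0-255 and non-numeric labels.
    ip = str(ipaddress.IPv4Address(".".join(labels[:4])))
    rest, port = labels[4:], None
    # A fifth all-digit label in port range is a port, not part of the address.
    if rest and rest[0].isdecimal() and 0 < int(rest[0]) <= 65535:
        port, rest = int(rest[0]), rest[1:]
    return ip, port, ".".join(rest) or None

def check_rdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Reverse-resolve ip, then confirm the PTR name resolves back to it."""
    try:
        name = reverse(ip)[0]
    except OSError:               # socket.herror / gaierror: no PTR record
        return "no-ptr", None
    try:
        addrs = forward(name)[2]
    except OSError:               # PTR name has no forward (A) record
        return "ptr-unconfirmed", name
    return ("confirmed" if ip in addrs else "ptr-mismatch"), name

# Constructed stub resolvers so the demo runs offline (not live DNS answers).
def stub_reverse(ip):
    return (ip + ".akamai.com", [], [ip])

def stub_forward(name):
    raise socket.gaierror("constructed: name does not resolve")

if __name__ == "__main__":
    for raw in ("64.124.83.125.80", "209.8.166.168.80.akamai.com"):
        ip, port, name = split_endpoint(raw)
        print(raw, "->", ip, port, name, check_rdns(ip, stub_reverse, stub_forward))
```

Called without the stub arguments, `check_rdns` uses the system resolver and needs network access.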

  6. #6
    Member
    Join Date
    Jul 2003
    Posts
    68
    IP address: 64.124.83.125
    Host name: 64.124.83.125.akamai.com

    TraceRoute to 64.124.83.125 [64.124.83.125.akamai.com]

    Hop (ms) (ms) (ms) IP Address Host name
    1 0 0 15 66.46.176.3 -
    2 0 0 15 216.191.97.41 pos5-3.core1-mtl.bb.allstream.net
    3 0 16 15 216.191.65.173 pos2-1.core2-tor.bb.allstream.net
    4 16 15 31 216.191.65.70 pos5-0.gwy1-chi.bb.allstream.net
    5 16 31 16 216.191.65.38 po-9-2.pr1.ord2.us.mfnx.net
    6 16 31 31 64.125.30.157 so-7-3-0.cr1.ord2.us.above.net
    7 47 31 47 208.184.233.149 pos5-0.mpr1.dfw2.us.above.net
    8 78 78 78 208.184.232.82 so-4-1-0.mpr3.sjc2.us.above.net
    9 78 78 78 64.125.30.90 so-2-0-0.er10a.sjc2.us.above.net
    10 172 125 78 64.124.83.125 64.124.83.125.akamai.com

    Trace complete

    Domain registry query for akamai.com:

    Whois Server Version 1.3

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Domain Name: AKAMAI.COM
    Registrar: TUCOWS, INC.
    Whois Server: whois.opensrs.net
    Referral URL: http://www.opensrs.org
    Name Server: YH.AKAMAI.COM
    Name Server: YG.AKAMAI.COM
    Name Server: YC.AKAMAI.COM
    Name Server: USE1.AKAM.NET
    Name Server: EUR1.AKAM.NET
    Name Server: ASIA2.AKAM.NET
    Name Server: NS1-2.AKAM.NET
    Name Server: NS1-3.AKAM.NET
    Name Server: NS1-42.AKAM.NET
    Name Server: EUR2.AKAM.NET
    Name Server: NS1-137.AKAM.NET
    Name Server: USE3.AKAM.NET
    Status: REGISTRAR-LOCK
    Updated Date: 29-jul-2003
    Creation Date: 17-aug-1998
    Expiration Date: 16-aug-2007


    >>> Last update of whois database: Tue, 19 Aug 2003 06:17:16 EDT <<<



    --------------------------------------------------------------------------------

    WHOIS whois.opensrs.net akamai.com:

    Registrant:
    Akamai Technologies, Inc.
    8 Cambridge Center
    Cambridge, MA 02142
    US

    Domain name: AKAMAI.COM

    Administrative Contact:
    Hostmaster, Akamai hostmaster-billing@akamai.com
    8 Cambridge Center
    Cambridge, MA 02142
    US
    +1.6174443000 Fax: +1.6174443001

    Technical Contact:
    Hostmaster, Akamai hostmaster-billing@akamai.com
    8 Cambridge Center
    Cambridge, MA 02142
    US
    +1.6174443000 Fax: +1.6174443001



    Registration Service Provider:
    Akamai Technologies, hostmaster@akamai.com
    617-444-3000
    This company may be contacted for domain login/passwords,
    DNS/Nameserver changes, and general domain support questions.


    Registrar of Record: TUCOWS, INC.
    Record last updated on 29-Jul-2003.
    Record expires on 16-Aug-2007.
    Record Created on 17-Aug-1998.

    Domain servers in listed order:
    NS1-2.AKAM.NET 193.108.91.2
    NS1-3.AKAM.NET 193.108.91.3
    NS1-137.AKAM.NET 193.108.91.137
    NS1-42.AKAM.NET 193.108.91.42
    EUR1.AKAM.NET 212.187.244.35
    EUR2.AKAM.NET 212.187.169.152
    USE3.AKAM.NET 80.67.67.182
    USE1.AKAM.NET 63.209.170.136
    YC.AKAMAI.COM 209.246.46.48
    ASIA2.AKAM.NET 193.108.154.70
    YG.AKAMAI.COM 63.215.198.86
    YH.AKAMAI.COM 63.241.29.188






    --------------------------------------------------------------------------------

    .com is for "Commercial" which is a Generic Top Level Domain (gTLD) - Not associated with a country
    Root: ICANN
    Registration web site: http://www.internic.net
    Whois server: whois.opensrs.net
    Whois web interface: http://www.internic.net
    Second Level Domains Registered
    Cost: Varies depending upon registrar
    Dispute Policy: http://www.icann.org/udrp/udrp.htm
    Notes: Domains registered by many competing registrars. Prices vary. Whois is a 2-step process. the registry is first checked to see which registrar controls the domain and that specific registrar's whois database is queried to see ownership information.
    Updated: July 22, 2001

    DNS Records for akamai.com:

    query from dns.consumer.net to get an authoritative nameserver

    NameServer used for query: use3.akam.net



    Answer records
    akamai.com 1 NS ns1-137.akam.net 7200s
    akamai.com 1 A 80.67.70.22 300s
    akamai.com 1 NS eur1.akam.net 7200s
    akamai.com 1 NS asia2.akam.net 7200s
    akamai.com 1 MX preference: 100 exchange: mx1.akamai.com 300s
    akamai.com 1 NS yg.akamai.com 7200s
    akamai.com 1 NS yc.akamai.com 7200s
    akamai.com 1 NS use1.akam.net 7200s

    Authority records

    Additional records
    yg.akamai.com 1 A 63.215.198.86 7200s
    yh.akamai.com 1 A 63.241.29.188 7200s
    use3.akam.net 1 A 80.67.67.182 60000s
    use1.akam.net 1 A 63.209.170.136 60000s
    ns1-42.akam.net 1 A 193.108.91.42 60000s
    ns1-2.akam.net 1 A 193.108.91.2 60000s
    mx3.akamai.com 1 A 63.116.109.19 300s
    ns1-137.akam.net 1 A 193.108.91.137 60000s

    DNS Records for 125.akamai.com


    query from dns.consumer.net to get an authoritative nameserver


    DNS query for 125.akamai.com failed: Queried domain does not exist

  7. #7
    Junior Member
    Join Date
    Jul 2003
    Posts
    7
    A little too much info there bongpilot.
    Yes there was a port 80 at the end of the address supplied by zone alarm.
    "I've entered the rabbit hole and I'm looking how deep it is."

  8. #8
    Banned
    Join Date
    Mar 2002
    Posts
    594
    Well in that case bongpilot took care of that... any other information we can provide?

  9. #9
    Member
    Join Date
    Jul 2003
    Posts
    68
    WTF? What do you mean too much info?

  10. #10
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    lol if you really want an explanation... he probably didn't know what to do with all the info you gave him... the akamai.com part was probably enough
    :d
    Double Dutch
