-
August 19th, 2003, 02:53 PM
#1
Junior Member
Sam spade?
Hello all: I appear to have just been scanned on several high number ports (2200's). I did a trace with sam spade and found many "bogus rDNS, host not found, authoritive". What is this?
"I've entered the rabbit hole and I'm looking how deep it is."
-
August 19th, 2003, 03:01 PM
#2
It just means that Sam Spade can't get back any RDNS value (sometimes this is found with DHCP addys). IIRC, some of the DNS turned this off to Sam Spade because of the amount of traffic generated (for some reason this sticks in my head). Overall, you should be able to figure out the source anyways based on the FQDN since it usually gives you an indication of source.
-
August 19th, 2003, 03:02 PM
#3
This is telling you that there is no DNS record for the IP address you provided to SamSpade. Can you provide the IP address? I'm *sure* that myself and others can give you a little more info if we have the addy.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 19th, 2003, 04:03 PM
#4
Junior Member
Thanks so far. Here is what zone alarm is tellin me.
1. IP=64.124.83.125.80
2. address=ak.bluestreak.com
3. Scanned a lot of the ports in the mid 2200 range. (ie: 2259, 2249,2256 and others in this range)
When I did a Google on the ak.bluestreak.com I got a did not find? If I do an ak.bluestreak I get a whole lotta weird replies? (Remember I am new to all of this) Not straightforward Google replies, if this makes any sense?
I also got several scans from another IP 209.8.166.168.80.akamai.com?
Spyware? Skriptkiddies? Worm? Thanks in advance. learnin...
"I've entered the rabbit hole and I'm looking how deep it is."
-
August 19th, 2003, 04:07 PM
#5
That IP addy is too long, I don't think that last 80 should be there.. that's a port isn't it?
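The point raised in this reply, as an added example that is not part of the original thread: a value such as `64.124.83.125.80` is an IPv4 address with the port appended, so the port has to be split off before the address goes into an rDNS or whois lookup. The function names and the alert-row layout are assumptions; the addresses and ports come from post #4, except the local port on the last row, which is constructed.

```python
import ipaddress
from collections import defaultdict


def split_endpoint(text):
    """Split 'a.b.c.d[.port][.rdns-suffix]' into (ip, port, suffix)."""
    labels = text.strip().split(".")
    if len(labels) < 4:
        raise ValueError(f"no IPv4 address in {text!r}")
    # IPv4Address rejects octets above 255 and non-numeric labels.
    ip = str(ipaddress.IPv4Address(".".join(labels[:4])))
    rest, port = labels[4:], None
    if rest and rest[0].isdigit():
        # A fifth all-numeric label is the port the firewall appended.
        port = int(rest[0])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {text!r}")
        rest = rest[1:]
    return ip, port, ".".join(rest) or None


def summarise(alerts):
    """Group (remote_endpoint, local_port) rows by remote IP address."""
    seen = defaultdict(lambda: {"remote_ports": set(), "local_ports": set()})
    for remote, local_port in alerts:
        ip, port, _ = split_endpoint(remote)
        if port is not None:
            seen[ip]["remote_ports"].add(port)
        seen[ip]["local_ports"].add(local_port)
    return {ip: {k: sorted(v) for k, v in d.items()} for ip, d in seen.items()}


# Rows as (remote endpoint as logged, local port). The first three use the
# values from post #4; the local port on the last row is constructed.
SAMPLE_ALERTS = [
    ("64.124.83.125.80", 2259),
    ("64.124.83.125.80", 2249),
    ("64.124.83.125.80", 2256),
    ("209.8.166.168.80.akamai.com", 2261),
]

if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_ALERTS).items():
        print(ip, "remote ports", info["remote_ports"],
              "local ports", info["local_ports"])
```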
-
August 19th, 2003, 04:11 PM
#6
Member
IP address: 64.124.83.125
Host name: 64.124.83.125.akamai.com
TraceRoute to 64.124.83.125 [64.124.83.125.akamai.com]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 15 66.46.176.3 -
2 0 0 15 216.191.97.41 pos5-3.core1-mtl.bb.allstream.net
3 0 16 15 216.191.65.173 pos2-1.core2-tor.bb.allstream.net
4 16 15 31 216.191.65.70 pos5-0.gwy1-chi.bb.allstream.net
5 16 31 16 216.191.65.38 po-9-2.pr1.ord2.us.mfnx.net
6 16 31 31 64.125.30.157 so-7-3-0.cr1.ord2.us.above.net
7 47 31 47 208.184.233.149 pos5-0.mpr1.dfw2.us.above.net
8 78 78 78 208.184.232.82 so-4-1-0.mpr3.sjc2.us.above.net
9 78 78 78 64.125.30.90 so-2-0-0.er10a.sjc2.us.above.net
10 172 125 78 64.124.83.125 64.124.83.125.akamai.com
Trace complete
Domain registry query for akamai.com:
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: AKAMAI.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Name Server: YH.AKAMAI.COM
Name Server: YG.AKAMAI.COM
Name Server: YC.AKAMAI.COM
Name Server: USE1.AKAM.NET
Name Server: EUR1.AKAM.NET
Name Server: ASIA2.AKAM.NET
Name Server: NS1-2.AKAM.NET
Name Server: NS1-3.AKAM.NET
Name Server: NS1-42.AKAM.NET
Name Server: EUR2.AKAM.NET
Name Server: NS1-137.AKAM.NET
Name Server: USE3.AKAM.NET
Status: REGISTRAR-LOCK
Updated Date: 29-jul-2003
Creation Date: 17-aug-1998
Expiration Date: 16-aug-2007
>>> Last update of whois database: Tue, 19 Aug 2003 06:17:16 EDT <<<
--------------------------------------------------------------------------------
WHOIS whois.opensrs.net akamai.com:
Registrant:
Akamai Technologies, Inc.
8 Cambridge Center
Cambridge, MA 02142
US
Domain name: AKAMAI.COM
Administrative Contact:
Hostmaster, Akamai hostmaster-billing@akamai.com
8 Cambridge Center
Cambridge, MA 02142
US
+1.6174443000 Fax: +1.6174443001
Technical Contact:
Hostmaster, Akamai hostmaster-billing@akamai.com
8 Cambridge Center
Cambridge, MA 02142
US
+1.6174443000 Fax: +1.6174443001
Registration Service Provider:
Akamai Technologies, hostmaster@akamai.com
617-444-3000
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.
Registrar of Record: TUCOWS, INC.
Record last updated on 29-Jul-2003.
Record expires on 16-Aug-2007.
Record Created on 17-Aug-1998.
Domain servers in listed order:
NS1-2.AKAM.NET 193.108.91.2
NS1-3.AKAM.NET 193.108.91.3
NS1-137.AKAM.NET 193.108.91.137
NS1-42.AKAM.NET 193.108.91.42
EUR1.AKAM.NET 212.187.244.35
EUR2.AKAM.NET 212.187.169.152
USE3.AKAM.NET 80.67.67.182
USE1.AKAM.NET 63.209.170.136
YC.AKAMAI.COM 209.246.46.48
ASIA2.AKAM.NET 193.108.154.70
YG.AKAMAI.COM 63.215.198.86
YH.AKAMAI.COM 63.241.29.188
--------------------------------------------------------------------------------
.com is for "Commercial" which is a Generic Top Level Domain (gTLD) - Not associated with a country
Root: ICANN
Registration web site: http://www.internic.net
Whois server: whois.opensrs.net
Whois web interface: http://www.internic.net
Second Level Domains Registered
Cost: Varies depending upon registrar
Dispute Policy: http://www.icann.org/udrp/udrp.htm
Notes: Domains registered by many competing registrars. Prices vary. Whois is a 2-step process. the registry is first checked to see which registrar controls the domain and that specific registrar's whois database is queried to see ownership information.
Updated: July 22, 2001
DNS Records for akamai.com:
query from dns.consumer.net to get an authoritative nameserver
NameServer used for query: use3.akam.net
Answer records
akamai.com 1 NS ns1-137.akam.net 7200s
akamai.com 1 A 80.67.70.22 300s
akamai.com 1 NS eur1.akam.net 7200s
akamai.com 1 NS asia2.akam.net 7200s
akamai.com 1 MX preference: 100
exchange: mx1.akamai.com
300s
akamai.com 1 NS yg.akamai.com 7200s
akamai.com 1 NS yc.akamai.com 7200s
akamai.com 1 NS use1.akam.net 7200s
Authority records
Additional records
yg.akamai.com 1 A 63.215.198.86 7200s
yh.akamai.com 1 A 63.241.29.188 7200s
use3.akam.net 1 A 80.67.67.182 60000s
use1.akam.net 1 A 63.209.170.136 60000s
ns1-42.akam.net 1 A 193.108.91.42 60000s
ns1-2.akam.net 1 A 193.108.91.2 60000s
mx3.akamai.com 1 A 63.116.109.19 300s
ns1-137.akam.net 1 A 193.108.91.137 60000s
DNS Records for 125.akamai.com
query from dns.consumer.net to get an authoritative nameserver
DNS query for 125.akamai.com failed: Queried domain does not exist
-
August 19th, 2003, 04:16 PM
#7
Junior Member
A little too much info there bongpilot.
Yes there was a port 80 at the end of the address supplied by zone alarm.
"I've entered the rabbit hole and I'm looking how deep it is."
-
August 19th, 2003, 04:19 PM
#8
Well in that case bongpilot took of that... any other information we can provide?
-
August 19th, 2003, 04:19 PM
#9
Member
WTF? What do you mean too much info?
-
August 20th, 2003, 12:03 AM
#10
lol if you really want an explanation... he probably didn't know what to do with all the info you gave him... the akamai.com part was probably enough
:d