[H-GEN] Hmm.

David Wood dwood at plugged.net.au
Thu Jul 9 20:53:53 EDT 1998 

Rob Kearey wrote:
> 
> I'm slightly worried.


Hi Rob, etc.

=> Well, the machine's up:

[lovelace]$ ping 203.227.34.61
PING 203.227.34.61 (203.227.34.61): 56 data bytes
64 bytes from 203.227.34.61: icmp_seq=0 ttl=45 time=1091.8 ms
<snip>
--- 203.227.34.61 ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 661.4/834.3/1091.8 ms

=> But it doesn't seem to have a domain name - that's worrying:

[lovelace]$ nslookup 203.227.34.61
Server:  morris.staff.plugged.com.au
Address:  192.168.20.1

*** morris.staff.plugged.com.au can't find 203.227.34.61: Non-existent
host/domain

=> A traceroute was rather instructive:

[lovelace]$ traceroute 203.227.34.61
traceroute to 203.227.34.61 (203.227.34.61), 30 hops max, 40 byte
packets
 1  morris (192.168.20.1)  1.099 ms  0.855 ms  1.343 ms
 2  torvalds.plugged.com.au (192.168.10.1)  1.853 ms  1.447 ms  1.373 ms
 3  wall.plugged.net.au (203.20.51.90)  153.146 ms  147.177 ms  149.675
ms
 4  gateway254.uq.net.au (203.101.254.30)  139.548 ms  137.884 ms 
139.710 ms
 5  atm2-0-23.sb1.optus.net.au (202.139.0.249)  179.690 ms  157.294 ms 
169.748 ms
 6  atm91-6.ia1.optus.net.au (202.139.7.182)  159.697 ms  167.792 ms 
159.666 ms
 7  h21.la1.optus.net.au (202.139.7.129)  499.622 ms
atm91-6.ia1.optus.net.au (202.139.7.182)  177.841 ms
h21.la1.optus.net.au (202.139.7.129)  466.857 ms
 8  906.Hssi8-0.GW1.LAX2.ALTER.NET (157.130.224.137)  476.632 ms
h21.la1.optus.net.au (202.139.7.129)  477.490 ms  466.460 ms
 9  113.ATM2-0.XR1.LAX2.ALTER.NET (146.188.248.66)  389.606 ms
906.Hssi8-0.GW1.LAX2.ALTER.NET (157.130.224.137)  467.660 ms
113.ATM2-0.XR1.LAX2.ALTER.NET (146.188.248.66)  386.811 ms
10  295.ATM3-0.TR1.LAX2.ALTER.NET (146.188.248.126)  396.537 ms  397.470
ms  409.596 ms
11  111.ATM7-0.TR1.SCL1.ALTER.NET (146.188.137.142)  399.514 ms  407.634
ms  419.595 ms
12  111.ATM7-0.TR1.SCL1.ALTER.NET (146.188.137.142)  399.542 ms  396.651
ms  409.510 ms
13  195.ATM10-0-0.GW2.PAO1.ALTER.NET (146.188.144.77)  499.660 ms 
547.611 ms 299.ATM6-0.XR1.SCL1.ALTER.NET (146.188.146.9)  499.427 ms
14  195.ATM10-0-0.GW2.PAO1.ALTER.NET (146.188.144.77)  477.403 ms 
476.530 ms inetT3-gw.customer.ALTER.NET (157.130.192.146)  409.574 ms
15  PA-INET-GW.nuri.net (203.235.119.254)  577.587 ms  547.171 ms 
549.418 ms
16  inet-fddi-ilink2.nuri.net (203.255.114.229)  619.540 ms  617.718 ms 
619.408 ms
17  c252.nuri.net (203.255.117.252)  579.441 ms
inet-fddi-ilink2.nuri.net (203.255.114.229)  2306.823 ms c252.nuri.net
(203.255.117.252)  536.595 ms
18  210.103.227.78 (210.103.227.78)  666.695 ms c252.nuri.net
(203.255.117.252)  547.395 ms 210.103.227.78 (210.103.227.78)  546.685
ms
19  203.227.34.61 (203.227.34.61)  628.164 ms  636.935 ms 210.103.227.78
(210.103.227.78)  599.356 ms
[lovelace]$ 


=> This places the machine firmly in the US.  

I'd think you have caught a spammer or a hacker attempting the IMAP
bugs, probably the latter.

You might follow up with a mail to the last resolvable host -
c252.nuri.net.  Maybe webmaster/hostmaster/postmaster at nuri.net or some
such.

Dave
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
David Wood                | Whenever you find yourself on the side
dwood at plugged.net.au      | of the majority, it is time to reform.
http://www.plugged.net.au |                - Mark Twain
------------------------------------------------------------------
finger dwood at plugged.net.au for PGP public key.

More information about the General mailing list