EFnet IRC Network Forum

okay this is waht i have had in my log file for about 12 days and i have no clue what is it :S
[2003/08/09 11.12] datagram received from unknown nameserver 207.218.192.26
[2003/08/09 11.15] datagram received from unknown nameserver 207.218.192.78
[2003/08/09 11.15] datagram received from unknown nameserver 207.218.192.26
[2003/08/09 11.24] datagram received from unknown nameserver 207.218.192.79
[2003/08/09 11.25] datagram received from unknown nameserver 207.218.192.26
[2003/08/09 11.26] datagram received from unknown nameserver 207.218.192.11
[2003/08/09 11.27] datagram received from unknown nameserver 207.218.192.73
[2003/08/09 11.28] datagram received from unknown nameserver 207.218.192.26
[2003/08/09 11.28] datagram received from unknown nameserver 207.218.192.27
[2003/08/09 11.29] datagram received from unknown nameserver 207.218.192.63

its been coming from 207.218.192.*. its from an ISP called ev1.net. could anyone enlighten me on what this could be?

I've seen things like that when people tried to exploit the old DNS spoofing bugs. This MIGHT be the same thing, I'm not sure offhand

IIRC, ev1.net is a known spamhouse (or houses some spam hosts). google knows what i'm talking about.

it may be they are attempting to datamine your nameserver (get a list of all subdomains), and see if they can find any hosts with mail or finger or somesuch open, which they could possibly use to get usernames to spam.

of course, this is just a guess. i would try the arin contact and see what they say.

ev1.net is better known as rackshack.net, a fairly ghetto bargain-basement colocation facility.

-seiki

lol, and their internet sucks tbh....but why would such a thing appear in ircd.log of all things?

Actually, ev1.net is known as the up and coming, quite large parent company of Rackshack.net, a ghetto basement *dedicated server* facility. They are not some hole in the wall, even though Rackshack basically is. EV1.Net sponsored major College Football bowl games this year.

That does not change the fact that they are still a known spamhouse.

Am I to presume you're a threat? Apparently you're not aware of the current state of the internet. Spam is everywhere. I say no more, troll.

A troll? Hardly. Do us all a favor and remove your self from these forums before my trigger happy finger does the job for you.

Thanks.

kaydiddy wrote:Am I to presume you're a threat? Apparently you're not aware of the current state of the internet. Spam is everywhere. I say no more, troll.

what

prefect wrote: what

read kaydiddy's other thread in IRCD, who obviously seems to think he's smarter than everyone else, and everyone else is trying to demean him or threaten him.

as for ev1 being a spamhouse: search google for 'ev1.net spam', check the results from wired.com, spamcop.net, dshield.org, and mynetwatchman.com, among others. there are plenty of complaints about ev1 being a spamhouse. whether it's a colo facility or a "*dedicated server*" facility is besides the point, you still get your choice of OS on a machine that you have admin/root on.