Ports scans from DH


#1

Whoever this is, please stop banging on my firewall.
It gets noisy.

205.196.213.86

When I submitter this ip to Arin Whois, it showed New Dream Network to be the owner. I tried the email listed, but it bounced back, I tried to call but, well, it’s Saturday.

Interestingly, the scan attacks took place just as I had decided to cancel installation of the latest (10.5) RealPlayer. (Too invasive.)
Now, I do not say the 2 events are connected but, um, is NDN in bed with RealNetwork?

By the way, this looks like one of the best hosting services I’ve ever seen. Very nice looking community.

Regards,
Kat


#2

A wild guess: Did you by any chance go for Xion from r2.com.au instead?


#3

Kathryn -

I am going to assume that you’re not a DH customer and aren’t familiar with all the options around here. I’ll submit your issue to support an DH security so they can look into it.

That sure is s strange situation but I’m sure that it’s not DH directly.

I’ll update what I find here. They may contact you directly.

(I’m just a customer of DH, but we all tend to try to help)

Wholly


#4

We’ll see what we learn.

Wholly


#5

wow, DH must be very competitive now. Go DH!

Save [color=#CC0000]$97[/color] (max discount) on dreamhost plans by using promo code: [color=#CC0000]97CRAZY[/color].


#6

The port scans are continuing from that same Ip. Hrmm.

In reply to:

A wild guess: Did you by any chance go for Xion from r2.com.au instead?

Now that IS interesting… I did not look at Xion at all (don’t know what it is) BUT I do use r2.com.au’s Startup Delayer.
I haven’t been able to get to that website all day…
What is the connection here?

In reply to:

I am going to assume that you’re not a DH customer and aren’t familiar with all the options around
here. I’ll submit your issue to support an DH security so they can look into it.

Nope. Not a customer. Yet, anyway. :slight_smile: I read up on the history of this place. Very nifty. Thank you for your help.
I did not for a moment think that it was DH itself, but perhaps a user.

Very impressed with the quick responses! Very nice community, indeed.
Thanks!

Kat


#7

The IP address you listed above seems to belong to marvin.dreamhost.com. Unfortunately, unless it has been assigned to a customer as a unique IP, there is likely to be dozens of customers on that particular IP address. Hopefully, now that Wholly has reported it, DreamHost support can have a look through their logs and find out who is responsible.

It is, isn’t it? :wink: The relaxed and helpful attitude of the DreamHost staff and the community here, were the primary reasons I chose DreamHost to host my sites, and I haven’t had a reason to regret that decision yet.

Mark


Save [color=#CC0000]$50[/color] on DreamHost plans using [color=#CC0000]PRICESLASH[/color] promo code (Click for DreamHost promo code details)


#8

Kat:

Support has passed it on to their security/abuse team. I haven’t heard from them yet, but they’re like ninjas, you don’t see them until they finish you off.

http://www.askaninja.com

Wholly


#9

[quote] In reply to:

A wild guess: Did you by any chance go for Xion from r2.com.au instead?

Now that IS interesting… I did not look at Xion at all (don’t know what it is) BUT I do use r2.com.au’s Startup Delayer.
I haven’t been able to get to that website all day…
What is the connection here? [/quote]

The IP in question is 205.196.213.86.
A dig on r2.com.au shows 205.196.213.86.


chicci


#10

Kat, did you firewall out that ip address? if so, that could be why you can’t get to them anymore!

Wholly


#11

Update - I got this response tonight:

To which I basically responded - “The real question is are unrequested port scans allowed from DH systems.”

We’ll see what they say to that one. Surely such a breach of etiquette (the internet equivalent of looking in someone’s pants) should require at least a “We’d like to” kind of notification.

Wholly