> Date: Sun, 30 Dec 2007 21:42:21 -0500
> From: Michael Greb <mgreb@linode.com>
> To: nanog@merit.edu
> Subject: DreamHost Contact?
> I've attempted to contact DreamHost NOC or Abuse departments via the
> numbers in whois but just get voice mail and no call back.
> I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22.
> This traffic is very likely undesirable and I'd be willing to pull the
> plug immediately if I can get confirmation from DreamHost. Failing that
Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or
whatever via ssh?
Gregory Hicks <ghicks@cadence.com> writes:
> > Date: Sun, 30 Dec 2007 21:42:21 -0500
> > From: Michael Greb <mgreb@linode.com>
> > I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22.
> > This traffic is very likely undesirable and I'd be willing to pull the
> > plug immediately if I can get confirmation from DreamHost. Failing that
> Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or
> whatever via ssh?
I'm with Gregory here. Between scp and port forwarding, there are
plenty of explanations for lots of traffic on port 22. What exactly
leads you to the conclusion that the traffic is "very likely
undesirable"?
---rob
"Robert E. Seastrom" <rs@seastrom.com> writes:
> Gregory Hicks <ghicks@cadence.com> writes:
> > > Date: Sun, 30 Dec 2007 21:42:21 -0500
> > > From: Michael Greb <mgreb@linode.com>
> > > I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22.
> > > This traffic is very likely undesirable and I'd be willing to pull the
> > > plug immediately if I can get confirmation from DreamHost. Failing that
> > Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or
> > whatever via ssh?
> I'm with Gregory here. Between scp and port forwarding, there are
> plenty of explanations for lots of traffic on port 22. What exactly
> leads you to the conclusion that the traffic is "very likely
> undesirable"?
duh, UDP, not TCP. My bad. Yeah, this is a little bit weird.
---rob
> > Date: Sun, 30 Dec 2007 21:42:21 -0500
> > From: Michael Greb <mgreb@linode.com>
> > To: nanog@merit.edu
> > Subject: DreamHost Contact?
> > I've attempted to contact DreamHost NOC or Abuse departments via the
> > numbers in whois but just get voice mail and no call back.
> > I've got a user sending a lot of UDP traffic to 208.113.189.13 port 22.
> > This traffic is very likely undesirable and I'd be willing to pull the
> > plug immediately if I can get confirmation from DreamHost. Failing that
> Port 22? Isn't that ssh? Doesn't ssh have the capability to forward X or
> whatever via ssh?
SSH uses only TCP, not UDP. 22/udp traffic used to be indicative of old,
buggy PCAnywhere. PCAnywhere is supposed to use 5632/udp (0x1600), but
there was an endian bug in some old versions that had it using 0x0016,
22/udp.
Haven't seen that for a long time. May or may not have anything to do with
this traffic.
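
An added example, not part of the original thread: a small triage helper for the point made in the last reply, flagging UDP flows to a TCP-only port and checking whether the port is the byte swap of a known UDP service (5632/0x1600 versus 22/0x0016). The function names, the lookup tables and the sample flow records are assumptions of this example.

```python
import struct

# 5632/udp for pcAnywhere comes from the thread; the table shape is this example's own.
UDP_SERVICES = {5632: "pcAnywhere"}
# Services that run over TCP only, so UDP to the same port number is unexpected.
TCP_ONLY = {22: "ssh"}


def swap16(port):
    """Port number as read in network order after being written little-endian."""
    return struct.unpack(">H", struct.pack("<H", port))[0]


def triage(flow):
    """Return a hint for one (proto, dst_ip, dst_port, packets) record, or None."""
    proto, dst_ip, dst_port, packets = flow
    if proto != "udp" or dst_port not in TCP_ONLY:
        return None
    hint = (f"{packets} UDP packets to {dst_ip}:{dst_port}, "
            f"but {TCP_ONLY[dst_port]} is TCP-only")
    intended = swap16(dst_port)
    if intended in UDP_SERVICES:
        hint += (f"; {dst_port} is 0x{dst_port:04x}, the byte swap of "
                 f"{intended} (0x{intended:04x}, {UDP_SERVICES[intended]})")
    return hint


def findings(flows):
    """Hints for every flow that triage() flags."""
    return [hint for hint in map(triage, flows) if hint]


# Constructed flow records using documentation addresses, not data from the thread.
SAMPLE_FLOWS = [
    ("tcp", "192.0.2.10", 22, 1200),    # ordinary ssh/scp
    ("udp", "192.0.2.10", 22, 90000),   # the pattern discussed in the thread
    ("udp", "192.0.2.20", 5632, 4),     # pcAnywhere on its intended port
]

if __name__ == "__main__":
    for hint in findings(SAMPLE_FLOWS):
        print(hint)
```

A byte-swap match is only a lead to check against the sending host, in line with the reply's caution that it may or may not explain the traffic.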