Guest ~BD~ Posted October 21, 2008 Posted October 21, 2008 "FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:uUN$DzuMJHA.4248@TK2MSFTNGP03.phx.gbl... <snip> <span style="color:blue"> > is this the place? > > http://24.28.193.9 > > ></span> There's always someone fool enough to look ........ 'twas me! <wink> I was taken here: http://ww23.rr.com/index.php?origURL=http://24.28.193.9/ It says: "Sorry, we couldn't find 24.28.193.9" (Road Runner) I've played around with Google (entering 24.28.193.9 in the search box) and found http://social.microsoft.com/en-US/Profile/ I've never seen this domain before - is it genuine? Is it something new? TIA Dave -- Quote
Guest Paul Adare Posted October 21, 2008 Posted October 21, 2008 On Tue, 21 Oct 2008 15:54:47 +0100, ~BD~ wrote: <span style="color:blue"> > is it genuine? Is it something new?</span> Yes. Yes. -- Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Quote
Guest VanguardLH Posted October 21, 2008 Posted October 21, 2008 ~BD~ wrote: <span style="color:blue"> > "FromTheRafters" <erratic@nomail.afraid.org> wrote in message > news:uUN$DzuMJHA.4248@TK2MSFTNGP03.phx.gbl... > <snip> > <span style="color:green"> >> is this the place? >> >> http://24.28.193.9 >> >> >></span> > > There's always someone fool enough to look ........ 'twas me! <wink> > > I was taken here: http://ww23.rr.com/index.php?origURL=http://24.28.193.9/ > > It says: "Sorry, we couldn't find 24.28.193.9" (Road Runner) > > I've played around with Google (entering 24.28.193.9 in the search box) > and found http://social.microsoft.com/en-US/Profile/ > > I've never seen this domain before - is it genuine? Is it something new?</span> An IP whois on 24.28.193.9 returns: OrgName: Road Runner HoldCo LLC OrgID: RRMA Address: 13241 Woodland Park Road City: Herndon StateProv: VA PostalCode: 20171 Country: US ReferralServer: rwhois://ipmt.rr.com:4321 NetRange: 24.24.0.0 - 24.29.255.255 CIDR: 24.24.0.0/14, 24.28.0.0/15 NetName: ROAD-RUNNER-1 NetHandle: NET-24-24-0-0-1 Parent: NET-24-0-0-0-0 NetType: Direct Allocation NameServer: DNS1.RR.COM NameServer: DNS2.RR.COM NameServer: DNS3.RR.COM NameServer: DNS4.RR.COM Comment: RegDate: 2000-06-09 Updated: 2002-08-22 RTechHandle: ZS30-ARIN RTechName: ServiceCo LLC RTechPhone: +1-703-345-3416 RTechEmail: @rr.com OrgAbuseHandle: ABUSE10-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-703-345-3416 OrgAbuseEmail: @rr.com OrgTechHandle: IPTEC-ARIN OrgTechName: IP Tech OrgTechPhone: +1-703-345-3416 OrgTechEmail: @rr.com So that IP address is allocated to RoadRunner, not Microsoft. A reverse lookup on the IP address (nslookup 24.28.193.9) doesn't return an IP name. It's probably an RR user's IP address and it's probably a dynamic IP address. If you went to ww23.rr.com, you would've seen that it was a search page (powered by Yahoo), so that URL is a search. If you had tried going to http://24.28.193.9, you'd find there was no web server listening there for your connection. If you have done a lookup on the Google result, "nslookup social.microsoft.com" returns 65.55.11.254, not 24.28.193.9. You were "taken to" an RR search page by WHAT? Don't know how to use Google web search? You do know, right, that non-alphanumeric characters, like periods, are ignored, right? Quote
Guest ~BD~ Posted October 21, 2008 Posted October 21, 2008 "Paul Adare" <pkadare@gmail.com> wrote in message news:7xpmucgar59n$.wfvqcm4bdzxx.dlg@40tude.net...<span style="color:blue"> > On Tue, 21 Oct 2008 15:54:47 +0100, ~BD~ wrote: ><span style="color:green"> >> is it genuine? Is it something new?</span> > > Yes. Yes. > > -- > Paul Adare > MVP - Identity Lifecycle Manager > http://www.identit.ca</span> Thank you, Paul. (We /could/ be friends! <wink>) Dave Quote
Guest Paul Adare Posted October 21, 2008 Posted October 21, 2008 On Tue, 21 Oct 2008 18:44:22 +0100, ~BD~ wrote: <span style="color:blue"> > We /could/ be friends</span> Not when you insist on adding these kind of assinine comments to your posts. -- Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Quote
Guest ~BD~ Posted October 21, 2008 Posted October 21, 2008 "VanguardLH" <V@nguard.LH> wrote in message news:OFyrT65MJHA.1156@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > ~BD~ wrote: ><span style="color:green"> >> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >> news:uUN$DzuMJHA.4248@TK2MSFTNGP03.phx.gbl... >> <snip> >><span style="color:darkred"> >>> is this the place? >>> >>> http://24.28.193.9 >>> >>> >>></span> >> >> There's always someone fool enough to look ........ 'twas me! <wink> >> >> I was taken here: >> http://ww23.rr.com/index.php?origURL=http://24.28.193.9/ >> >> It says: "Sorry, we couldn't find 24.28.193.9" (Road Runner) >> >> I've played around with Google (entering 24.28.193.9 in the search box) >> and found http://social.microsoft.com/en-US/Profile/ >> >> I've never seen this domain before - is it genuine? Is it something >> new?</span> > > An IP whois on 24.28.193.9 returns: > > OrgName: Road Runner HoldCo LLC > OrgID: RRMA > Address: 13241 Woodland Park Road > City: Herndon > StateProv: VA > PostalCode: 20171 > Country: US > > ReferralServer: rwhois://ipmt.rr.com:4321 > > NetRange: 24.24.0.0 - 24.29.255.255 > CIDR: 24.24.0.0/14, 24.28.0.0/15 > NetName: ROAD-RUNNER-1 > NetHandle: NET-24-24-0-0-1 > Parent: NET-24-0-0-0-0 > NetType: Direct Allocation > NameServer: DNS1.RR.COM > NameServer: DNS2.RR.COM > NameServer: DNS3.RR.COM > NameServer: DNS4.RR.COM > Comment: > RegDate: 2000-06-09 > Updated: 2002-08-22 > > RTechHandle: ZS30-ARIN > RTechName: ServiceCo LLC > RTechPhone: +1-703-345-3416 > RTechEmail: @rr.com > > OrgAbuseHandle: ABUSE10-ARIN > OrgAbuseName: Abuse > OrgAbusePhone: +1-703-345-3416 > OrgAbuseEmail: @rr.com > > OrgTechHandle: IPTEC-ARIN > OrgTechName: IP Tech > OrgTechPhone: +1-703-345-3416 > OrgTechEmail: @rr.com > > So that IP address is allocated to RoadRunner, not Microsoft. A reverse > lookup on the IP address (nslookup 24.28.193.9) doesn't return an IP > name. It's probably an RR user's IP address and it's probably a dynamic > IP address. If you went to ww23.rr.com, you would've seen that it was a > search page (powered by Yahoo), so that URL is a search. If you had > tried going to http://24.28.193.9, you'd find there was no web server > listening there for your connection. > > If you have done a lookup on the Google result, "nslookup > social.microsoft.com" returns 65.55.11.254, not 24.28.193.9. > > You were "taken to" an RR search page by WHAT?</span> I simply clicked on the link posted here! <span style="color:blue"> >Don't know how to use Google web search?</span> I thought I did! style_emoticons/ <span style="color:blue"> > You do know, right, that non-alphanumeric > characters, like periods, are ignored, right?</span> Not on this computer Vanguard! Look here to see the result of my search:- http://www.google.com/search?q=24.28.193.9...&rlz=1I7GPCK_en Thank you for taking an interest and for responding in depth. Something doesn't quite gell here, does it? <scratches head> I'm sorry if I slightly clouded the issue in my post. I had thought others might have similar thought patterns to my own. BTW, I really enjoyed your recent posts on Virtual Machines! Dave Quote
Guest BurfordTJustice Posted October 21, 2008 Posted October 21, 2008 You wink at men, are you gay? "~BD~" <~BD~@no.mail.afraid.com> wrote in message news:efv9iS6MJHA.468@TK2MSFTNGP06.phx.gbl... Thank you, Paul. (We /could/ be friends! <wink>) Dave Quote
Guest ~BD~ Posted October 21, 2008 Posted October 21, 2008 "BurfordTJustice" <hot@smokey.v8> wrote in message news:qL-dnbJSxriM2mPVnZ2dnUVZ_rLinZ2d@trueband.net...<span style="color:blue"> > You wink at men, are you gay? ></span> Now THAT's what I'd call an assinine comment! No - I'm not gay. HTH Dave -- Quote
Guest VanguardLH Posted October 22, 2008 Posted October 22, 2008 ~BD~ wrote: <span style="color:blue"><span style="color:green"> >> You were "taken to" an RR search page by WHAT?</span> > > I simply clicked on the link posted here!</span> "here" is where? You stated the link in your post. You said you clicked it somewhere so it would have to be somewhere other than your own post. Was is some post in this newsgroup? From a web search? On a web page at a site? I'm curious because that target site isn't running a web server so they might've taken it down or been killed already by their ISP but it'd be interesting to know under what context that link was purveyed. Quote
Guest ~BD~ Posted October 22, 2008 Posted October 22, 2008 Was .... Re: Deleted XP Antispyware 2009..now what? "VanguardLH" <V@nguard.LH> wrote in message news:%23kuTIE%23MJHA.2324@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > ~BD~ wrote: ><span style="color:green"><span style="color:darkred"> >>> You were "taken to" an RR search page by WHAT?</span> >> >> I simply clicked on the link posted here!</span> > > "here" is where? You stated the link in your post. You said you > clicked it somewhere so it would have to be somewhere other than your > own post. Was is some post in this newsgroup? From a web search? On a > web page at a site? I'm curious because that target site isn't running > a web server so they might've taken it down or been killed already by > their ISP but it'd be interesting to know under what context that link > was purveyed.</span> Hmmm. So sorry!! style_emoticons/ The link was in the post made by 'FromTheRafters' 20 October 2008 20:48 (GMT) in 'microsoft.public.security.homeusers' Subject: Re: Deleted XP Antispyware 2009..now what? This is the reference:- news:uUN$DzuMJHA.4248@TK2MSFTNGP03.phx.gbl... Thank you for taking an interest, 'Vanguard'. I appreciate your help. Thanks. Dave -- Quote
Guest VanguardLH Posted October 22, 2008 Posted October 22, 2008 Re: Was .... Re: Deleted XP Antispyware 2009..now what? ~BD~ wrote: <span style="color:blue"> > "VanguardLH" <V@nguard.LH> wrote in message > news:%23kuTIE%23MJHA.2324@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> ~BD~ wrote: >><span style="color:darkred"> >>>> You were "taken to" an RR search page by WHAT? >>> >>> I simply clicked on the link posted here!</span> >> >> "here" is where? You stated the link in your post. You said you >> clicked it somewhere so it would have to be somewhere other than your >> own post. Was is some post in this newsgroup? From a web search? On a >> web page at a site? I'm curious because that target site isn't running >> a web server so they might've taken it down or been killed already by >> their ISP but it'd be interesting to know under what context that link >> was purveyed.</span> > > Hmmm. So sorry!! style_emoticons/ > > The link was in the post made by 'FromTheRafters' 20 October 2008 20:48 > (GMT) in 'microsoft.public.security.homeusers' > > Subject: Re: Deleted XP Antispyware 2009..now what? This is the reference:- > > news:uUN$DzuMJHA.4248@TK2MSFTNGP03.phx.gbl... > > Thank you for taking an interest, 'Vanguard'. I appreciate your help. > Thanks. > > Dave</span> FromTheRafters was an appropriate moniker for the reply which didn't seem to address the poster's question. Could've been some troll that wanted the poster to visit their web site (which isn't up anymore) to provide "help" that only hurt the poster more. Hard to tell from such a terse response just what was the intention of FromTheRafters. The Google Groups profile for FromTheRafters is: http://groups.google.com/groups/profile?en...rVz1uU_2WALcq_Q I looked at a few of his other posts. I don't have enough info (or desire) to profile his intention. From what little I saw of his posts, he doesn't look like a troll. Maybe he just jotted down the wrong IP address. However, if it was a legit site for help, it really should have an IP name and not just an IP address. It's possible he was giving an IP address because of concern that malware was interfering with DNS lookups; however, although an IP address may get you to a home page, it usually doesn't let you navigate the site since links often include the IP name of the site. Quote
Guest FromTheRafters Posted October 22, 2008 Posted October 22, 2008 Re: Was .... Re: Deleted XP Antispyware 2009..now what? <span style="color:blue"> > I looked at a few of his other posts. I don't have enough info (or > desire) to profile his intention. From what little I saw of his posts, > he doesn't look like a troll. Maybe he just jotted down the wrong IP > address. However, if it was a legit site for help, it really should > have an IP name and not just an IP address. It's possible he was giving > an IP address because of concern that malware was interfering with DNS > lookups; however, although an IP address may get you to a home page, it > usually doesn't let you navigate the site since links often include the > IP name of the site.</span> That is correct, I wanted to see if security related sites could be reached by bypassing both 'hosts' and DNS lookups. The wrong IP was posted and I cancelled the post because of that and the fact that the best approach was to not continue using the compromised machine online. The fact that ~BD~ changed the subject in the middle of a thread and crossposted at the same time I cancelled my post made for some interesting side trips for Dave. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.