Mystery IP Address

A couple of months ago Steve noticed a lot of hits to the new company website from three IP addresses in the 38/8 block. By a lot of hits I mean something like 75% of the total traffic. The MaxMind database we use to generate region and ISP information for the traffic reports said that these addresses belonged to "Performance Systems International". Steve googled for this company and came up with a whole lot of blog and forum posts that claimed this company was home to a rogue bot that has plagued a lot of people.

I decide to dig a little deeper because most of the links that Steve sent me seemed to be a little under informed. Here's what I found:

"Performance Systems International" is the original name of PSINet which was an early tier 1 ISP. PSINet was eventually acquired by Cogent. Cogent currently owns the 38/8 ip space.

Apparently Cogent hasn't done a swip mapping for the particular addresses: 38.98.136.241, 38.98.136.242, 38.98.136.243 that the bot is coming from. Cogent does however run their own rwhois server that records the sub network assignment:

$ whois -h rwhois.cogentco.com -p 4321 38.98.136.241
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
38.98.136.241
network:ID:NET-266288E01B
network:Network-Name:NET-266288E01B
network:IP-Network:38.98.136.224/27
network:Org-Name:Ambiron, LLC
network:Street-Address:120 N LaSalle St Ste. 1250
network:City:Chicago
network:State:IL
network:Postal-Code:60602
network:Tech-Contact:ZC108-ARIN
network:Updated:2007-09-18 17:09:29
network:Updated-by:jknowles

This shows that the network block is assigned to "Ambiron, LLC". More googling leads to a press release on the Trustwave website announcing that in March of 2005 Trustwave and Ambiron merged. So the hits are coming from ips addresses owned by the company that is performing our PCI DSS security scans.

Nothing to see here folks. :)

I'm NOT turning into a Republican

Once you start down the dark path, forever will it dominate your destiny.

— Yoda

So I was standing in line at the grocery store today waiting to buy some goodies for dinner. The customer in front of me had a huge cart of what I would mostly consider junk food: 4 half racks of soda pop, case of cup 'o noodles, sugary cereal, and a lot of frozen meal stuff. She's got some serious ink on her arms, bleached and teased hair and designer sunglasses. The clerk comments on her fancy french nails and the lady beams and explains how they took two and half hours to do. The total for her cart full of crap is $180. Scratch that, $169 and change because she's paying with her food stamp debit card.

For a moment (that I'm extending now because I'm taking the time to write about it), I was completely pissed off. The thing that set me off here wasn't that the lady obviously had money and time to put into her appearance while still on public assistance; it was the things that she was buying with "our" money. It's shallow and judgmental and in many ways none of my business, but it still rubs me the wrong way. Jones Soda and Sugar Smacks are not the building blocks of a healthy society.