From the hand to the eye...  ALIAS Web Puzzle FAQ

Explanation of ejeffy.com Re-directs
 And Ports
Submitted by Signalost
Doing about five to ten minutes of enumeration I think the reason why if you go to 
any of the old websites' ftp subdomain via http (such as ftp.creditdauphine.com) and 
get the same ejeffy site is because they happen to correspond to the same IP.  This 
means one change to one machine will be reflected on the other sites.  Each site such 
as rambaldi.org and creditdauphine.com are configured to be hosted virtually under the 
same IP address depending on the name resolution.  This means that they have basically 
kept all their eggs in one basket.
Here are some related data I found... some of which has a login prompt if anybody is 
willing to try:
http://host.inxite.com = ejeffy.com = thetruewheel.com = dayfornight.com = 
findwhatever.com = rambaldi.org = creditdauphine.com = jenningsaero.com = 64.39.15.250 
= etc.
Ports:

21  response: 220 FTP is server ready (although seems inaccessible)
22  ssh  Login Prompt version SSH-1.99-OpenSSH_2.5.2p2.
25  smtp  for sending possible mail from analysis etc.
80  http  website port response: !___ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
	.<HTML><HEAD>.<TITLE>501 Method Not Implemented</TITLE>.</HEAD><BODY>.<H1>Met
81  hosts2-ns -hmm nameserver host
110  pop3 email port again, version host v2000.69rh server ready..
443  https a 'secure' port
554  rtsp
995  spop3

5050  mmcc
8080  WWW-Proxy : going to this port on any related season 1 site is immediate 
indication whether it is hosted by them.  It gives a "File Not Found" page. 
 

Now for Scarlet Terrier:
66.78.6.237
Port:
1  tcpmux
21  ftp
22  ssh version 1.99-OpenSSH_2.9p2. login prompt
23  telnet: ahem login prompt
25  smtp: email
    intel on email:
    220-alexandria3.unixhoster.com ESMTP Exim 3.35 #1
Wed, 7 Aug 2002 12:40:06 -0400 ..220-We do not authorize the use of this sys
53  domain
80  http response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<HTML>
	<HEAD>.<TITLE>501 Method Not Implemented</TITLE>.</HEAD><BODY>.<H1>Met 143  
	imap[CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=LOGIN] alexandria3.unixhoster.com 
	IMAP4rev1
2002.325-cpanel at Wed, 21 Aug 2002
443  https
465  ssmtp 
995  spop3
Note the telnet service.  During the season 1 game they closed it early on, after the 
email message was found and the map of the websites involved. 

signalost

 

Alias FAQ Home / Joey's Pizza / The Trail / FAQ / Operations / Profiles / Steg & Camo / EJeffy Redirects / Links / Letters & 47 / WhoIs / Introduction / Red Herrings

Last update: 9/30/03