Educause Security Discussion mailing list archives

Re: Microsoft the source of all evil?? Simple question


From: Morrow Long <morrow.long () YALE EDU>
Date: Wed, 13 Feb 2008 18:59:26 -0500

On Feb 13, 2008, at 12:37 PM, Gary Flynn wrote:
I thought the second nslookup command below was odd too:

nslookup ofallevil.com

Non-authoritative answer:
Name:    ofallevil.com
Address:  209.62.14.146

nslookup thesource.ofallevil.com

Non-authoritative answer:
Name:    lb1.www.ms.akadns.net
Addresses:  207.46.19.254, 207.46.192.254, 207.46.193.254,
207.46.19.190
Aliases:  thesource.ofallevil.com, www.microsoft.com
         toggle.www.ms.akadns.net, g.www.ms.akadns.net

There is just a very long 'alias' (DNS CNAME) chain going on here:

1. thesource.ofallevil.com is an alias which points to www.microsoft.com.

2. www.microsoft.com (is Akamaized and) is an alias which points to the alias toggle.www.ms.akadns.net.

3. toggle.www.ms.akadns.net is an alias pointing to g.www.ms.akadns.net (most likely it can also do round-robin DNS to other X.www.ms.akadns.net names).

4. g.www.ms.akadns.net is an alias which points to lb1.www.ms.akadns.net.

5. lb1.www.ms.akadns.net has 4 different IP addresses.

6. The 4 IP addresses are registered to Microsoft (and MSN and Hotmail).

7. The Tier 1 ISP for the Microsoft public network 207.46.* apparently is Level3.Net.

morrow-longs-macbook-pro-17:~ morrowlong$ host thesource.ofallevil.com
thesource.ofallevil.com is an alias for www.microsoft.com.
www.microsoft.com is an alias for toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net is an alias for g.www.ms.akadns.net.
g.www.ms.akadns.net is an alias for lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net has address 207.46.193.254
lb1.www.ms.akadns.net has address 207.46.192.254
lb1.www.ms.akadns.net has address 207.46.19.190
lb1.www.ms.akadns.net has address 207.46.19.254
morrow-longs-macbook-pro-17:~ morrowlong$

OrgName:    Microsoft Corp
OrgID:      MSFT
Address:    One Microsoft Way
City:       Redmond
StateProv:  WA
PostalCode: 98052
Country:    US

NetRange:   207.46.0.0 - 207.46.255.255
CIDR:       207.46.0.0/16
NetName:    MICROSOFT-GLOBAL-NET
NetHandle:  NET-207-46-0-0-1
Parent:     NET-207-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate:    1997-03-31
Updated:    2004-12-09

RTechHandle: ZM39-ARIN
RTechName:   Microsoft
RTechPhone:  +1-425-882-8080
RTechEmail:  noc () microsoft com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse () msn com

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse () hotmail com

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   MSN ABUSE
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse () msn com

OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation
OrgNOCPhone:  +1-425-882-8080
OrgNOCEmail:  noc () microsoft com

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  iprrms () microsoft com

# ARIN WHOIS database, last updated 2008-02-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
morrow-longs-macbook-pro-17:~ morrowlong$
morrow-longs-macbook-pro-17:~ morrowlong$ traceroute 207.46.193.254
traceroute to 207.46.193.254 (207.46.193.254), 64 hops max, 40 byte
packets
 1      SANITIZED
 2     SANITIZED
 3     SANITIZED
 4  te-4-4-ar01.berlin.ct.hartford.comcast.net (68.87.182.73)  46.305
ms  40.186 ms  47.818 ms
 5  po-10-ar01.chartford.ct.hartford.comcast.net (68.87.146.29)
39.796 ms  11.300 ms  16.725 ms
 6  * * *
 7  xe-11-1-0.edge1.NewYork2.Level3.net (4.71.186.13)  63.964 ms
71.349 ms  72.815 ms
 8  vlan99.csw4.NewYork1.Level3.net (4.68.16.254)  72.666 ms  37.444
ms vlan79.csw2.NewYork1.Level3.net (4.68.16.126)  26.398 ms
 9  ae-72-72.ebr2.NewYork1.Level3.net (4.69.134.85)  38.540 ms
ae-62-62.ebr2.NewYork1.Level3.net (4.69.134.81)  46.488 ms
ae-92-92.ebr2.NewYork1.Level3.net (4.69.134.93)  66.931 ms
10  ae-2.ebr1.Chicago1.Level3.net (4.69.132.65)  105.695 ms  123.079
ms  69.522 ms
11  ae-68.ebr3.Chicago1.Level3.net (4.69.134.58)  70.894 ms  106.166
ms  93.893 ms
12  ae-3.ebr2.Denver1.Level3.net (4.69.132.61)  115.344 ms  111.851
ms  87.477 ms
13  ae-2.ebr2.Seattle1.Level3.net (4.69.132.53)  149.782 ms  107.382
ms  146.133 ms
14  ge-2-0-0-56.gar1.Seattle1.Level3.net (4.68.105.169)  124.276 ms
ge-2-0-0-52.gar1.Seattle1.Level3.net (4.68.105.41)  111.031 ms
ge-2-0-0-54.gar1.Seattle1.Level3.net (4.68.105.105)  155.807 ms
15  65.59.235.6 (65.59.235.6)  134.577 ms  125.719 ms  161.164 ms
16  207.46.37.252 (207.46.37.252)  156.125 ms  114.199 ms  134.124 ms
17  ten2-1.tuk-76c-1b.ntwk.msn.net (207.46.36.201)  124.372 ms
152.769 ms  147.232 ms
18  po17.tuk-65ns-mcs-1b.ntwk.msn.net (207.46.35.146)  135.268 ms
86.068 ms  100.947 ms
                                ...

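The alias walk the message above performs by hand (thesource.ofallevil.com through four CNAMEs to lb1.www.ms.akadns.net, then a check that the resulting addresses sit inside the ARIN-registered 207.46.0.0/16 block) can be scripted so it is repeatable. The following is an added example, not code from the list message or from any tool mentioned in it. It runs offline against a small zone table transcribed from the `host` output above; the loop-a/loop-b entries, the MAX_CHAIN limit and the function names are constructed for this example and are not on the page. The guard against CNAME loops and over-long chains is the part a resolver or a triage script must get right, since a hostile or misconfigured zone can otherwise make the walk never terminate.

```python
import ipaddress
from typing import Dict, List, Tuple, Union

# Constructed zone data, transcribed from the host(1) output in the message.
# A value is either a CNAME target (str) or the final list of A records.
ZONE: Dict[str, Union[str, List[str]]] = {
    "thesource.ofallevil.com.": "www.microsoft.com.",
    "www.microsoft.com.": "toggle.www.ms.akadns.net.",
    "toggle.www.ms.akadns.net.": "g.www.ms.akadns.net.",
    "g.www.ms.akadns.net.": "lb1.www.ms.akadns.net.",
    "lb1.www.ms.akadns.net.": [
        "207.46.193.254", "207.46.192.254", "207.46.19.190", "207.46.19.254",
    ],
    # Constructed CNAME loop (not on the page) used to exercise the loop guard.
    "loop-a.example.": "loop-b.example.",
    "loop-b.example.": "loop-a.example.",
}

# Hypothetical cap on alias hops; real resolvers enforce a similar limit.
MAX_CHAIN = 8


def follow_cnames(name: str,
                  zone: Dict[str, Union[str, List[str]]] = ZONE,
                  max_chain: int = MAX_CHAIN) -> Tuple[List[str], List[str]]:
    """Follow CNAME aliases from `name` until an address record set is found.

    Returns (chain, addresses): every owner name visited, in order, and the
    A records of the terminal name. Raises LookupError when a name has no
    record and ValueError on a CNAME loop or a chain longer than max_chain.
    """
    chain = [name]
    seen = {name}
    current = name
    while True:
        rr = zone.get(current)
        if rr is None:
            raise LookupError(f"no record for {current}")
        if isinstance(rr, list):
            # Terminal name: address records reached, stop walking.
            return chain, rr
        # rr is a CNAME target; refuse to revisit a name or exceed the cap.
        if rr in seen:
            raise ValueError(f"CNAME loop detected at {rr}")
        if len(chain) >= max_chain:
            raise ValueError(f"alias chain longer than {max_chain} hops")
        seen.add(rr)
        chain.append(rr)
        current = rr


def addresses_in_netblock(addresses: List[str], cidr: str) -> bool:
    """True when every address falls inside the given CIDR block, e.g. the
    NetRange a WHOIS lookup reports for the organisation you expect."""
    net = ipaddress.ip_network(cidr)
    return all(ipaddress.ip_address(a) in net for a in addresses)


if __name__ == "__main__":
    names, addrs = follow_cnames("thesource.ofallevil.com.")
    for owner, target in zip(names, names[1:]):
        print(f"{owner} is an alias for {target}")
    for a in addrs:
        print(f"{names[-1]} has address {a}")
    print("all addresses in MICROSOFT-GLOBAL-NET 207.46.0.0/16:",
          addresses_in_netblock(addrs, "207.46.0.0/16"))
```

The chain returned for the Yale example has five names and ends in the four 207.46.x.x addresses, all inside the WHOIS-reported /16; the apex address from the quoted nslookup, 209.62.14.146, falls outside that block, which is exactly the distinction the check is meant to surface. The same function raises on the constructed loop-a/loop-b pair instead of spinning.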