| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 Aug 2004 09:57:44 -0500 From: Troy Monaghen <troy@...aghen.com> To: bugtraq@...urityfocus.com Subject: RE: International DNS compromise? On Thu, 2004-08-05 at 12:37, travis.alexander@...amas.org wrote: > I got six different results, meaning six different server IP's. > -----Original Message----- > From: Zhen Shi [mailto:zhenshi99@...oo.com] > > Dear all, > Recently I noticed something fishy in the DNS system > between US and China. Looks like rfa.org uses Speedera (see the log of finding and querying the authoritative name servers below). To quote from their web site at http://www.speedera.com/primary/Tech/Over.htm : "Speedera's highly distributed, robust network relies on a worldwide set of probes and global traffic managers to make real-time decisions to intelligently route users' requests to the best location and best server." It sounds like this is just part of Speedera's attempt to route users to the appropriate server. $ whois rfa.org ... Name Server:DNSAUTH1.SYS.GTEI.NET Name Server:DNSAUTH2.SYS.GTEI.NET Name Server:DNSAUTH3.SYS.GTEI.NET $ host www.rfa.org DNSAUTH1.SYS.GTEI.NET ... www.rfa.org is an alias for www.rfaweb.org. $ whois rfaweb.org ... Name Server:DNS31.REGISTER.COM Name Server:DNS32.REGISTER.COM $ host www.rfaweb.org DNS31.REGISTER.COM ... www.rfaweb.org is an alias for rfa.speedera.net. $ whois speedera.net ... Domain servers in listed order: Q.SPEEDERA.NET 64.41.192.113 L.SPEEDERA.NET 64.0.96.22 N.SPEEDERA.NET 65.169.170.140 F.SPEEDERA.NET 210.224.186.3 A.SPEEDERA.NET 208.185.54.61 H.SPEEDERA.NET 64.14.117.35 Y.SPEEDERA.NET 212.187.170.30 Z.SPEEDERA.NET 216.200.69.12 $ host rfa.speedera.net Q.SPEEDERA.NET ... rfa.speedera.net has address 208.254.75.133 rfa.speedera.net has address 66.7.159.165 $ host rfa.speedera.net L.SPEEDERA.NET ... rfa.speedera.net has address 64.37.246.4 rfa.speedera.net has address 64.37.246.3 $ host rfa.speedera.net N.SPEEDERA.NET ... rfa.speedera.net has address 65.216.78.76 rfa.speedera.net has address 64.37.246.4 $ host rfa.speedera.net F.SPEEDERA.NET ... rfa.speedera.net has address 65.216.78.76 rfa.speedera.net has address 64.37.246.4 $ host rfa.speedera.net A.SPEEDERA.NET ... rfa.speedera.net has address 65.216.78.76 rfa.speedera.net has address 64.28.86.231 $ host rfa.speedera.net H.SPEEDERA.NET ... rfa.speedera.net has address 65.216.78.76 rfa.speedera.net has address 64.156.240.39 $ host rfa.speedera.net Y.SPEEDERA.NET ... rfa.speedera.net has address 216.74.133.196 rfa.speedera.net has address 64.156.240.39 $ host rfa.speedera.net Z.SPEEDERA.NET ... rfa.speedera.net has address 64.156.240.39 rfa.speedera.net has address 216.74.133.196 -- Troy
Powered by blists - more mailing lists