Open Source and information security mailing list archives
Message-ID: <1091804263.10646.23.camel@troym>
Date: Fri, 06 Aug 2004 09:57:44 -0500
From: Troy Monaghen <troy@...aghen.com>
To: bugtraq@...urityfocus.com
Subject: RE: International DNS compromise?


On Thu, 2004-08-05 at 12:37, travis.alexander@...amas.org wrote:
> I got six different results, meaning six different server IP's.

> -----Original Message-----
> From: Zhen Shi [mailto:zhenshi99@...oo.com]
>
> Dear all,
>   Recently I noticed something fishy in the DNS system
> between US and China. 

Looks like rfa.org uses Speedera (see the log of finding and querying
the authoritative name servers below).  To quote from their web site at
http://www.speedera.com/primary/Tech/Over.htm : "Speedera's highly
distributed, robust network relies on a worldwide set of probes and
global traffic managers to make real-time decisions to intelligently
route users' requests to the best location and best server."

It sounds like this is just part of Speedera's attempt to route users to
the appropriate server.


$ whois rfa.org
 ...
Name Server:DNSAUTH1.SYS.GTEI.NET
Name Server:DNSAUTH2.SYS.GTEI.NET
Name Server:DNSAUTH3.SYS.GTEI.NET

$ host www.rfa.org DNSAUTH1.SYS.GTEI.NET
 ...
www.rfa.org is an alias for www.rfaweb.org.

$ whois rfaweb.org
 ...
Name Server:DNS31.REGISTER.COM
Name Server:DNS32.REGISTER.COM

$ host www.rfaweb.org DNS31.REGISTER.COM
 ...
www.rfaweb.org is an alias for rfa.speedera.net.

$ whois speedera.net
 ...
   Domain servers in listed order:
   Q.SPEEDERA.NET                                    64.41.192.113
   L.SPEEDERA.NET                                    64.0.96.22
   N.SPEEDERA.NET                                    65.169.170.140
   F.SPEEDERA.NET                                    210.224.186.3
   A.SPEEDERA.NET                                    208.185.54.61
   H.SPEEDERA.NET                                    64.14.117.35
   Y.SPEEDERA.NET                                    212.187.170.30
   Z.SPEEDERA.NET                                    216.200.69.12

$ host rfa.speedera.net Q.SPEEDERA.NET
 ...
rfa.speedera.net has address 208.254.75.133
rfa.speedera.net has address 66.7.159.165

$ host rfa.speedera.net L.SPEEDERA.NET
 ...
rfa.speedera.net has address 64.37.246.4
rfa.speedera.net has address 64.37.246.3

$ host rfa.speedera.net N.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4

$ host rfa.speedera.net F.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4

$ host rfa.speedera.net A.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.28.86.231

$ host rfa.speedera.net  H.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.156.240.39

$ host rfa.speedera.net  Y.SPEEDERA.NET
 ...
rfa.speedera.net has address 216.74.133.196
rfa.speedera.net has address 64.156.240.39

$ host rfa.speedera.net Z.SPEEDERA.NET
 ...
rfa.speedera.net has address 64.156.240.39
rfa.speedera.net has address 216.74.133.196


--
Troy
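
Added example, not part of the original message: a small Python parser for `host` transcripts like the log above. It follows the CNAME chain and counts how many distinct answer sets the authoritative servers returned. The embedded transcript is an excerpt of that log (four of the eight speedera.net servers), and the function names are this example's own.

```python
import re

# Excerpt of the `host` log from the message above (four of the eight
# speedera.net name servers), with the elided " ..." lines dropped.
TRANSCRIPT = """\
$ host www.rfa.org DNSAUTH1.SYS.GTEI.NET
www.rfa.org is an alias for www.rfaweb.org.
$ host www.rfaweb.org DNS31.REGISTER.COM
www.rfaweb.org is an alias for rfa.speedera.net.
$ host rfa.speedera.net Q.SPEEDERA.NET
rfa.speedera.net has address 208.254.75.133
rfa.speedera.net has address 66.7.159.165
$ host rfa.speedera.net L.SPEEDERA.NET
rfa.speedera.net has address 64.37.246.4
rfa.speedera.net has address 64.37.246.3
$ host rfa.speedera.net N.SPEEDERA.NET
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4
$ host rfa.speedera.net F.SPEEDERA.NET
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4
"""

def parse(transcript):
    """Return (CNAME map, {queried server: set of A records}) from `host` output."""
    cnames, answers, server = {}, {}, None
    for line in transcript.splitlines():
        if m := re.match(r"\$ host\s+\S+\s+(\S+)", line):
            server = m.group(1).lower()          # server the next answers came from
        elif m := re.match(r"(\S+) is an alias for (\S+?)\.?$", line):
            cnames[m.group(1).lower()] = m.group(2).lower()
        elif m := re.match(r"\S+ has address (\S+)", line):
            answers.setdefault(server, set()).add(m.group(1))
    return cnames, answers

def chain(name, cnames):
    """Follow CNAMEs from name to the final target, stopping on a loop."""
    seen = [name]
    while seen[-1] in cnames and cnames[seen[-1]] not in seen:
        seen.append(cnames[seen[-1]])
    return seen

def summarize(transcript, name):
    cnames, answers = parse(transcript)
    sets = {frozenset(ips) for ips in answers.values()}  # identical answers collapse
    return chain(name, cnames), len(sets), sorted(set().union(*answers.values()))

if __name__ == "__main__":
    path, nsets, ips = summarize(TRANSCRIPT, "www.rfa.org")
    print(" -> ".join(path), f"| {nsets} distinct answer sets, {len(ips)} addresses")
```

On the excerpt this reports the chain www.rfa.org -> www.rfaweb.org -> rfa.speedera.net with 3 distinct answer sets over 5 addresses.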





