[nsp-sec] (AS33626 - upstreams AS701, AS2914, AS3356, AS27524) ns1.dsredirection.com and ns2.dsredirection.com - Might be 0wned?!??!?

Peter Peters P.G.M.Peters at utwente.nl
Fri May 9 03:28:33 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Eckman wrote on 8-5-2008 23:49:

> Two nameservers are being used to return the IP address 208.73.212.12 for 
> any query. Earlier today, the RUS-CERT Passive DNS Database reportedly (a 
> trusted source told me) knew of only one name for that IP address. Now it 
> knows well over 500 (and probably over 1,000).
> 
> 500 names pointing to it:
> http://cert.uni-stuttgart.de/stats/dns-replication.php?query=208.73.212.12&submit=Query

We are seeing a number of these too:

yahoo.americangreeting.com. 3460 A      208.73.212.12
tracker.bitebbs.com.    2244    A       208.73.212.12
pns.odsplus.com.        3193    A       208.73.212.12
sns.odsplus.com.        3193    A       208.73.212.12
gfx2.wqt.com.           3571    A       208.73.212.12
ns.e-com.md.            869     A       208.73.212.12

- --
Peter Peters, Teamleider Unix/Linux-Beheer
ICT-Servicecentrum
Universiteit Twente, Postbus 217, 7500 AE Enschede
Telefoon 053 489 2301, Fax 053 489 2383,
P.G.M.Peters at utwente.nl, http://www.utwente.nl/icts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFII/0gelLo80lrIdIRAtnlAKCjeN9WDKUsCnnyaYPYn0XOJ8Q9mQCdFS09
ZzG2kh5zslDvWextyQBsg3g=
=tSh1
-----END PGP SIGNATURE-----
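The pattern reported in this thread (many unrelated names resolving to one address) can be checked against a resolver cache dump or passive DNS export. The following is an added example, not code from either poster: it parses A records in the format shown above and reports any address answered for several unrelated parent zones. The function names, the `min_zones` threshold and the `www.example.org` control record are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Records copied from the message above (name, TTL, type, rdata), plus one
# constructed control record (last line) that uses a documentation address.
SAMPLE = """\
yahoo.americangreeting.com. 3460 A      208.73.212.12
tracker.bitebbs.com.    2244    A       208.73.212.12
pns.odsplus.com.        3193    A       208.73.212.12
sns.odsplus.com.        3193    A       208.73.212.12
gfx2.wqt.com.           3571    A       208.73.212.12
ns.e-com.md.            869     A       208.73.212.12
www.example.org.        300     A       192.0.2.10
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+(?:IN\s+)?A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_a_records(text):
    """Yield (owner_name, ttl, ipv4) for each A record line; skip anything else."""
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            yield m.group(1).rstrip(".").lower(), int(m.group(2)), m.group(3)

def parent_zone(name):
    """Naive grouping key: the last two labels. Assumption: no Public Suffix
    List handling, so names under suffixes such as co.uk are grouped too coarsely."""
    return ".".join(name.split(".")[-2:])

def shared_targets(text, min_zones=3):
    """Return {ip: {zone: [names]}} for addresses seen under >= min_zones zones."""
    by_ip = defaultdict(lambda: defaultdict(list))
    for name, _ttl, ip in parse_a_records(text):
        by_ip[ip][parent_zone(name)].append(name)
    return {ip: {zone: sorted(names) for zone, names in zones.items()}
            for ip, zones in by_ip.items() if len(zones) >= min_zones}

if __name__ == "__main__":
    for ip, zones in shared_targets(SAMPLE).items():
        total = sum(len(names) for names in zones.values())
        print(f"{ip}: {total} names across {len(zones)} unrelated zones")
        for zone, names in sorted(zones.items()):
            print(f"  {zone}: {', '.join(names)}")
```

Shared hosting and CDN addresses will also exceed a low threshold, so a hit is a lead to verify against the authoritative nameservers rather than a verdict.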


