
Bugtraq mailing list archives

RE: International DNS compromise?
From: Troy Monaghen <troy () monaghen com>
Date: Fri, 06 Aug 2004 09:57:44 -0500

On Thu, 2004-08-05 at 12:37, travis.alexander () lacamas org wrote:
> I got six different results, meaning six different server IPs.
>
> -----Original Message-----
> From: Zhen Shi [mailto:zhenshi99 () yahoo com]
>
> Dear all,
>   Recently I noticed something fishy in the DNS system
> between US and China.

Looks like rfa.org uses Speedera (see the log of finding and querying
the authoritative name servers below).  To quote from their web site at
http://www.speedera.com/primary/Tech/Over.htm : "Speedera's highly
distributed, robust network relies on a worldwide set of probes and
global traffic managers to make real-time decisions to intelligently
route users' requests to the best location and best server."

It sounds like this is just part of Speedera's attempt to route users to
the appropriate server.


$ whois rfa.org
 ...
Name Server:DNSAUTH1.SYS.GTEI.NET
Name Server:DNSAUTH2.SYS.GTEI.NET
Name Server:DNSAUTH3.SYS.GTEI.NET

$ host www.rfa.org DNSAUTH1.SYS.GTEI.NET
 ...
www.rfa.org is an alias for www.rfaweb.org.

$ whois rfaweb.org
 ...
Name Server:DNS31.REGISTER.COM
Name Server:DNS32.REGISTER.COM

$ host www.rfaweb.org DNS31.REGISTER.COM
 ...
www.rfaweb.org is an alias for rfa.speedera.net.

$ whois speedera.net
 ...
   Domain servers in listed order:
   Q.SPEEDERA.NET                                    64.41.192.113
   L.SPEEDERA.NET                                    64.0.96.22
   N.SPEEDERA.NET                                    65.169.170.140
   F.SPEEDERA.NET                                    210.224.186.3
   A.SPEEDERA.NET                                    208.185.54.61
   H.SPEEDERA.NET                                    64.14.117.35
   Y.SPEEDERA.NET                                    212.187.170.30
   Z.SPEEDERA.NET                                    216.200.69.12

$ host rfa.speedera.net Q.SPEEDERA.NET
 ...
rfa.speedera.net has address 208.254.75.133
rfa.speedera.net has address 66.7.159.165

$ host rfa.speedera.net L.SPEEDERA.NET
 ...
rfa.speedera.net has address 64.37.246.4
rfa.speedera.net has address 64.37.246.3

$ host rfa.speedera.net N.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4

$ host rfa.speedera.net F.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4

$ host rfa.speedera.net A.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.28.86.231

$ host rfa.speedera.net  H.SPEEDERA.NET
 ...
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.156.240.39

$ host rfa.speedera.net  Y.SPEEDERA.NET
 ...
rfa.speedera.net has address 216.74.133.196
rfa.speedera.net has address 64.156.240.39

$ host rfa.speedera.net Z.SPEEDERA.NET
 ...
rfa.speedera.net has address 64.156.240.39
rfa.speedera.net has address 216.74.133.196


--
Troy
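
One way to check the load-balancing explanation against the `host` output in the message above, as an added example that is not part of the original post: it parses the transcript and groups the Speedera name servers by the address set each one returned. The function names are illustrative, not from any tool mentioned in the thread.

```python
import re

# `host` output copied from the message above, with the " ..." lines dropped.
TRANSCRIPT = """\
$ host rfa.speedera.net Q.SPEEDERA.NET
rfa.speedera.net has address 208.254.75.133
rfa.speedera.net has address 66.7.159.165
$ host rfa.speedera.net L.SPEEDERA.NET
rfa.speedera.net has address 64.37.246.4
rfa.speedera.net has address 64.37.246.3
$ host rfa.speedera.net N.SPEEDERA.NET
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4
$ host rfa.speedera.net F.SPEEDERA.NET
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.37.246.4
$ host rfa.speedera.net A.SPEEDERA.NET
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.28.86.231
$ host rfa.speedera.net  H.SPEEDERA.NET
rfa.speedera.net has address 65.216.78.76
rfa.speedera.net has address 64.156.240.39
$ host rfa.speedera.net  Y.SPEEDERA.NET
rfa.speedera.net has address 216.74.133.196
rfa.speedera.net has address 64.156.240.39
$ host rfa.speedera.net Z.SPEEDERA.NET
rfa.speedera.net has address 64.156.240.39
rfa.speedera.net has address 216.74.133.196
"""
QUERY = re.compile(r"^\$ host\s+\S+\s+(\S+)$")
ANSWER = re.compile(r"^\S+ has address (\d+(?:\.\d+){3})$")

def answers_by_server(transcript):
    """Map each queried name server to the set of A records it returned."""
    result, current = {}, None
    for line in map(str.strip, transcript.splitlines()):
        if m := QUERY.match(line):
            current = result.setdefault(m.group(1).upper(), set())
        elif (m := ANSWER.match(line)) and current is not None:
            current.add(m.group(1))
    return result

def group_by_answer(per_server):
    """Group name servers that returned the identical address set."""
    groups = {}
    for server, addrs in per_server.items():
        groups.setdefault(frozenset(addrs), []).append(server)
    return groups
```

On this transcript, `group_by_answer(answers_by_server(TRANSCRIPT))` yields six distinct answer sets across the eight name servers, drawn from eight addresses in total; record order within an answer is ignored, so Y and Z count as the same result.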




