Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: WTF
From: ksha <ksha () mitm cl>
Date: Sat, 07 May 2011 01:27:16 -0300


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/06/2011 11:15 PM, Nick Boyce wrote:
On Fri, May 6, 2011 at 6:49 PM, Gustavo <gustavorobertux () gmail com>
wrote:

WTF ?

notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net
(127.0.0.1) 56(84) bytes of data. 64 bytes from
localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019
ms

Same here ... this time on Windows :

F:\>ping www.compusa.com

Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of
data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from
127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32
time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4,
Lost = 0 (0% loss), Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

F:\>nslookup www.compusa.com Server: zzzz Address: 999999999

Non-authoritative answer: Name: bh.georedirector.akadns.net
Address: 127.0.0.1 Aliases: www.compusa.com,
compusa.syx.com.akadns.net


Normally I'd say that's a DNS config screwup, which would make
them unreachable (since their website is not on my system).
However, Google seems to be able to reach them if you use the "site
preview" option in the search results :
http://www.google.com/search?q=www.compusa.com

Curious.

Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721

Nick -- Leave the Olympics in Greece, where they belong.

_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/

About dns

;; ADDITIONAL SECTION:
ns01.highspeedbackbone.net. 240003 IN    A    199.181.77.21
ns02.highspeedbackbone.net. 240003 IN    A    199.181.78.22
ns03.highspeedbackbone.net. 240003 IN    A    199.181.77.23
ns04.highspeedbackbone.net. 240003 IN    A    199.181.78.24

testing one by one ...

[ksha () warbof ~]$ dig compusa.com @199.181.77.21 AXFR

; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.21 AXFR
;; global options: +cmd
; Transfer failed.
[ksha () warbof ~]$ dig compusa.com @199.181.78.22 AXFR

; <<>> DiG 9.8.0 <<>> compusa.com @199.181.78.22 AXFR
;; global options: +cmd
; Transfer failed.
[ksha () warbof ~]$ dig compusa.com @199.181.77.23 AXFR

; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.23 AXFR
;; global options: +cmd
; Transfer failed.


and the last allow zone transfer.

compusa.com.        86400    IN    SOA    ns03.highspeedbackbone.net.
hostmaster.highspeedbackbone.net. 2008134189 10800 3600 604800 3600
compusa.com.        86400    IN    TXT    "v=spf1 ip4:206.191.131.0/24
mx -all"
compusa.com.        86400    IN    MX    10 mail.highspeedbackbone.net.
compusa.com.        86400    IN    NS    ns01.highspeedbackbone.net.
compusa.com.        86400    IN    NS    ns02.highspeedbackbone.net.
compusa.com.        86400    IN    NS    ns03.highspeedbackbone.net.
compusa.com.        86400    IN    NS    ns04.highspeedbackbone.net.
compusa.com.        900    IN    A    206.181.131.221
compusa.com.        900    IN    A    206.181.131.220
nap.miadk._domainkey.compusa.com. 5 IN    TXT    "t=y\;
p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ5YnwXcWzCFY6fvQ1Gd6tzI97rvvOw9PVjoekWbja1reGBMfjJ+rfwsJCQavPadAUAKbs46KUDubUgcmwe1oU9abJ3APStwgcxMXlWfvlhuSXmyDHG+HQAIrk0PsR7BBwIDAQAB\;"
nap.miadkim._domainkey.compusa.com. 5 IN TXT    "v=DKIM1\; t=y:s\;
p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAJ5YnwXcWzCFY6fvQ1Gd6tzI97rvvOw9PVjoekWbja1reGBMfjJ+rfwsJCQavPadAUAKbs46KUDubUgcmwe1oU9abJ3APStwgcxMXlWfvlhuSXmyDHG+HQAIrk0PsR7BBwIDAQAB\;"
_sip._tls.compusa.com.    300    IN    SRV    0 0 443 sip.compusa.com.
answers.compusa.com.    86400    IN    CNAME
web220.highspeedbackbone.net.
autodiscover.compusa.com. 300    IN    A    10.100.100.108
community.compusa.com.    86400    IN    CNAME
web220.highspeedbackbone.net.
comp.compusa.com.    900    IN    A    206.181.131.89
comp.compusa.com.    900    IN    A    206.181.131.49
dubdubdub.compusa.com.    60    IN    CNAME
www.compusa.com.edgekey.net.
forums.compusa.com.    86400    IN    CNAME
web220.highspeedbackbone.net.
help.compusa.com.    86400    IN    NS    ns02.highspeedbackbone.net.
help.compusa.com.    86400    IN    NS    ns01.highspeedbackbone.net.
images.compusa.com.    86400    IN    CNAME
images.compusa.com.edgesuite.net.
m.compusa.com.        300    IN    CNAME    compusa.com.velocitude.mobi.
media.compusa.com.    900    IN    A    206.181.131.89
media.compusa.com.    900    IN    A    206.181.131.49
news.compusa.com.    86400    IN    A    74.81.68.187
origin-images.compusa.com. 900    IN    A    206.181.131.89
origin-images.compusa.com. 900    IN    A    206.181.131.49
origin-www.compusa.com.    60    IN    A    206.191.131.54
origin-www.compusa.com.    60    IN    A    206.191.131.14
retail.compusa.com.    600    IN    A    10.101.132.194
reviews.compusa.com.    86400    IN    CNAME
web220.highspeedbackbone.net.
sip.compusa.com.    300    IN    A    64.94.62.157
static.compusa.com.    900    IN    A    206.181.131.89
static.compusa.com.    900    IN    A    206.181.131.49
storenet.compusa.com.    600    IN    CNAME    vnet.highspeedbackbone.net.
storenettest.compusa.com. 600    IN    CNAME
vnet.highspeedbackbone.net.
testing.compusa.com.    300    IN    A    64.94.62.194
www.compusa.com.    60    IN    CNAME    compusa.syx.com.akadns.net.
compusa.com.        86400    IN    SOA    ns03.highspeedbackbone.net.
hostmaster.highspeedbackbone.net. 2008134189 10800 3600 604800 3600
;; Query time: 1489 msec
;; SERVER: 199.181.78.24#53(199.181.78.24)
;; WHEN: Sat May  7 01:21:36 2011
;; XFR size: 40 records (messages 40, bytes 2779)




- -- 

Ninja Coder

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNxMojAAoJEP64MfdRn+k8tU8H/13Oo6j/vnZMlvZ8gFZ8VfvU
TQgI+pr3jeQy4BMD7uPcqzY1GUUvsGsSvsmcMq/Zx65/ugIrnes5Pf/7Jx0RZ7IV
gBLVlyADSAIUVAOBGHZTqcUmaJlzrUYL6Z4NkComhusLzOrL1+uf0+umj6e4ZoDs
A9TSPzEhqbT6i7k/zSfdT8Q0zAzL4CPyawrlbczip9qbmTeF+7K8f7k6ksGN/0mr
G2aaf6Kuor9sEhEfIXeujMINhiO9iV2KJ4wEMirGk28GfP1YhcFYE3GzvOoM+xFt
bN1zB8rHBkesrjpjz0EMH5nGicZtlUQuzTNtrRJuWOhd4O1cgppJcaT7QWBeZrQ=
=YqTr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • WTF Gustavo (May 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault