nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible login/password grabbing ploy

From: "Lehrer, Neil" <nlehrer () usia gov>
Date: Mon, 11 May 1998 13:31:28 -0400
have you asked them why.  their web page is "under contruction."

however:

Americaoffline AMERICAOFFLINE2-DOM
   7060 Hollywood Blvd.  Suite 903
   Los Angeles, CA 90028
   USA

   Domain Name: AMERICAOFFLINE.COM

   Administrative Contact:
      Fisher, Ed  EF590  america () INSTANET COM
      213-465-5407
   Technical Contact, Zone Contact:
      Laren, Tim  TL233  timl () INSTANET COM
      818-713-1313 (FAX) 818-888-0513
   Billing Contact:
      Fisher, Ed  EF590  america () INSTANET COM
      213-465-5407

   Record last updated on 05-Mar-97.
   Record created on 05-Mar-97.
   Database last updated on 11-May-98 03:39:51 EDT.

   Domain servers in listed order:

   ARAGON.INSTANET.COM          205.231.48.6
   GOLUM.INSTANET.COM           205.231.48.2



`````````

  To: nanog () merit edu
  From: Darryl Baker <dpb () concentric net>

I have found that most of the common mis-spellings of our domain name
have been registered with the Internic by a company named Americaoffline. 

Examples:
        concentic.net
        concentri.net
        concnetric.net
        consentric.net

They have also grabbed other mis-spellings of popular domains
Examples:
        aool.com
        bellsoth.com
        bellsuth.com
        hotmaiil.com
        mailexite.com
        pacbel.net
        spraynet.com

Originally I thought they were using these to build a bulk email list.
Then I found they have configured ftp addresses in each domain. This
will allow them to gather valid usernames and passwords anytime someone
makes a typo and trys to upload something to their ISP. 

We have listed their servers as bogus in our DNS configuration for now
and are looking into other more complete solutions.

Bind 8.X configuration addition:
server 205.231.48.243 { bogus yes; };
server 205.231.48.244 { bogus yes; };
-- 
   __                      _     __                  Darryl Baker
  /  )                    //    /  )       /         Sr. Systems Engineer
 /  / __.  __  __  __  , //    /--<  __.  /_  _  __  For the Concentric 
Network
/__/_(_/|_/ (_/ (_/ (_/_</_   /___/_(_/|_/ <_</_/ (_ dpb () concentric net
                     /
                    '




Regards                                     


+++++++++++++++++++++++++++++++++++++++
+ Neil Lehrer                       
+ U.S. Information Agency         
+ Networks and Systems Support Division
+                                   
+ voice    202 619-0903             
+ fax      202 619-3883             
+ internet nlehrer () usia gov         
+                                   
+ "oh what a tangled net we weave   
+  when we seek to retrieve."       
+                                  
+++++++++++++++++++++++++++++++++++++++
Previous By Date Next
Previous By Thread Next

Current thread: