Possible login/password grabbing ploy

Lehrer, Neil nlehrer at usia.gov
Mon May 11 17:31:28 UTC 1998


have you asked them why?  their web page is "under construction."

however:

Americaoffline AMERICAOFFLINE2-DOM
   7060 Hollywood Blvd.  Suite 903
   Los Angeles, CA 90028
   USA

   Domain Name: AMERICAOFFLINE.COM

   Administrative Contact:
      Fisher, Ed  EF590  america at INSTANET.COM
      213-465-5407
   Technical Contact, Zone Contact:
      Laren, Tim  TL233  timl at INSTANET.COM
      818-713-1313 (FAX) 818-888-0513
   Billing Contact:
      Fisher, Ed  EF590  america at INSTANET.COM
      213-465-5407

   Record last updated on 05-Mar-97.
   Record created on 05-Mar-97.
   Database last updated on 11-May-98 03:39:51 EDT.

   Domain servers in listed order:

   ARAGON.INSTANET.COM          205.231.48.6
   GOLUM.INSTANET.COM           205.231.48.2



`````````

  To: nanog at merit.edu
  From: Darryl Baker <dpb at concentric.net>

I have found that most of the common mis-spellings of our domain name
have been registered with the Internic by a company named Americaoffline. 

Examples:
	concentic.net
	concentri.net
	concnetric.net
	consentric.net

They have also grabbed other mis-spellings of popular domains.
Examples:
	aool.com
	bellsoth.com
	bellsuth.com
	hotmaiil.com
	mailexite.com
	pacbel.net
	spraynet.com

Originally I thought they were using these to build a bulk email list.
Then I found they have configured ftp addresses in each domain. This
will allow them to gather valid usernames and passwords anytime someone
makes a typo and tries to upload something to their ISP. 

We have listed their servers as bogus in our DNS configuration for now
and are looking into other more complete solutions.

Bind 8.X configuration addition:
server 205.231.48.243 { bogus yes; };
server 205.231.48.244 { bogus yes; };
-- 
   __                      _     __		     Darryl Baker
  /  )                    //    /  )       /	     Sr. Systems Engineer
 /  / __.  __  __  __  , //    /--<  __.  /_  _  __  For the Concentric Network
/__/_(_/|_/ (_/ (_/ (_/_</_   /___/_(_/|_/ <_</_/ (_ dpb at concentric.net
                     /
                    '




Regards                                     


+++++++++++++++++++++++++++++++++++++++
+ Neil Lehrer                       
+ U.S. Information Agency         
+ Networks and Systems Support Division
+                                   
+ voice    202 619-0903             
+ fax      202 619-3883             
+ internet nlehrer at usia.gov         
+                                   
+ "oh what a tangled net we weave   
+  when we seek to retrieve."       
+                                  
+++++++++++++++++++++++++++++++++++++++
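
The misspellings listed in the quoted message are each one keystroke slip away from a real domain. The following is an added example, not code from either poster, showing how a defender could check a list of observed registrations against the domains they care about and label the kind of slip. The function names are hypothetical, the intended targets other than concentric.net are assumptions, and `example.net` is a constructed non-match.

```python
from typing import Optional

def classify_typo(protected: str, observed: str) -> Optional[str]:
    """Name the single-keystroke slip that turns `protected` into `observed`."""
    p, o = protected.lower(), observed.lower()
    if p == o:
        return None
    i = 0  # length of the common prefix
    while i < min(len(p), len(o)) and p[i] == o[i]:
        i += 1
    if len(o) == len(p) - 1 and p[i + 1:] == o[i:]:
        return "omission"
    if len(o) == len(p) + 1 and p[i:] == o[i + 1:]:
        # The extra character is o[i]; it is a doubling if it repeats o[i-1].
        doubled = i > 0 and o[i] == o[i - 1]
        return "doubled letter" if doubled else "insertion"
    if len(o) == len(p):
        if p[i + 1:] == o[i + 1:]:
            return "substitution"
        if p[i:i + 2] == o[i:i + 2][::-1] and p[i + 2:] == o[i + 2:]:
            return "transposition"
    return None  # more than one slip away, or unrelated

def scan(protected, observed):
    """Return (observed, protected, slip) for each name one slip from a protected one."""
    hits = []
    for name in observed:
        for target in protected:
            slip = classify_typo(target, name)
            if slip:
                hits.append((name, target, slip))
    return hits

# Intended targets: concentric.net is from the post, the rest are assumptions.
PROTECTED = ["concentric.net", "aol.com", "bellsouth.com", "hotmail.com",
             "mailexcite.com", "pacbell.net", "sprynet.com"]
# Registered names quoted in the post, plus one constructed non-match.
OBSERVED = ["concentic.net", "concentri.net", "concnetric.net", "consentric.net",
            "aool.com", "bellsoth.com", "bellsuth.com", "hotmaiil.com",
            "mailexite.com", "pacbel.net", "spraynet.com", "example.net"]

if __name__ == "__main__":
    for name, target, slip in scan(PROTECTED, OBSERVED):
        print(f"{name:16} looks like {target:16} ({slip})")
```
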



