DNS Hijacking by Cox
Andrew Matthews
exstatica at gmail.com
Sun Jul 22 21:56:13 UTC 2007
It looks like cox is hijacking dns for irc servers.
bash2-2.05b$ nslookup
> server 68.6.16.30
Default server: 68.6.16.30
Address: 68.6.16.30#53
> irc.vel.net
Server: 68.6.16.30
Address: 68.6.16.30#53
Name: irc.vel.net
Address: 70.168.71.144
> server ns1.vel.net
Default server: ns1.vel.net
Address: 207.182.224.10#53
> irc.vel.net
Server: ns1.vel.net
Address: 207.182.224.10#53
Name: irc.vel.net
Address: 64.161.255.2
it looks like they are using it to clean drones, when you connect to
their fake irc server you get forced joined into a channel.
#martian_
[INFO] Channel view for "#martian_" opened.
-->| YOU (andrew.m) have joined #martian_
=-= Mode #martian_ +nt by localhost.localdomain
=-= Topic for #martian_ is ".bot.remove"
=-= Topic for #martian_ was set by Marvin_ on Sunday, July 22, 2007 2:55:02 PM
=-= Topic for #martian_ is ".remove"
=-= Topic for #martian_ was set by Marvin_ on Sunday, July 22, 2007 2:55:02 PM
=-= Topic for #martian_ is ".uninstall"
=-= Topic for #martian_ was set by Marvin_ on Sunday, July 22, 2007 2:55:02 PM
=-= Topic for #martian_ is "!bot.remove"
=-= Topic for #martian_ was set by Marvin_ on Sunday, July 22, 2007 2:55:02 PM
=-= Topic for #martian_ is "!remove"
=-= Topic for #martian_ was set by Marvin_ on Sunday, July 22, 2007 2:55:02 PM
=-= Topic for #martian_ is "!uninstall"
=-= Topic for #martian_ was set by Marvin_ on Sunday, July 22, 2007 2:55:02 PM
<Marvin_> .bot.remove
<Marvin_> .remove
<Marvin_> .uninstall
<Marvin_> !bot.remove
<Marvin_> !remove
isn't there a law against hijacking dns? What can i do to persue this?
More information about the NANOG
mailing list