On Sat, 18 Mar 2006, Robert MannI wrote:
> But then, when I try to resolve the IP address back to a domain, using either "host xx.xx.xx.xx" on Mac OS X, or "/usr/bin/resolveip xx.xx.xx.xx" on Linux, the IP address is resolved to a domain name that is a little bit suspicious: ns2.decayandcorrupt.com
>
> Is this an attack?
Not necessarily. It could be your client uses decayandcorrupt.com for their hosting, which itself is hosted within ev1servers.com.
I recommend using dig to find out where everything is, if you want the real story. 'dig a $hostname' will turn up the IP address, 'dig ns $hostname' will turn up the name server. If you want the whole zone file for inspection and to double-check, do 'dig @ns2.decayandcorrupt.com axfr $hostname' to get the whole zone file (and if it denies you, use ns1 instead), and double-check the whois record for the domain name.
-Dennis
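
The lookups suggested above can be cross-checked mechanically. The following is an added example, not part of the original message: a shell function (the name `explain_ptr` and its result labels are hypothetical) that reads `dig +noall +answer` style records and reports how the reverse (PTR) name of a domain's address relates to the domain. The sample records are constructed placeholders, not real DNS data.

```sh
#!/bin/sh
# Constructed sample in the format printed by `dig +noall +answer`.
# Names and addresses are placeholders (RFC 2606 / RFC 5737), not real records.
SAMPLE_RECORDS='client.example.            3600 IN A   192.0.2.10
client.example.            3600 IN NS  ns1.hosting.example.
client.example.            3600 IN NS  ns2.hosting.example.
10.2.0.192.in-addr.arpa.   3600 IN PTR ns2.hosting.example.
ns2.hosting.example.       3600 IN A   192.0.2.10'

# explain_ptr DOMAIN
# Reads answer records on stdin and prints one label describing the PTR name
# of DOMAIN's first A record:
#   ptr-matches-domain            reverse name is the domain itself
#   ptr-is-domains-nameserver     reverse name is one of the domain's NS hosts
#                                 and resolves forward to the same address
#   ptr-is-other-host-on-same-ip  forward-confirmed, but not an NS of the domain
#   ptr-unconfirmed               reverse name does not resolve back to the address
explain_ptr() {
    awk -v dom="$1." '
    # Build the in-addr.arpa owner name for an IPv4 address.
    function rev(ip,   o) {
        split(ip, o, "[.]")
        return o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
    }
    { name = tolower($1); type = $4; data = tolower($5) }
    type == "A"                 { addr[name] = addr[name] " " data " " }
    type == "NS" && name == dom { ns[data] = 1 }
    type == "PTR"               { ptr[name] = data }
    END {
        n = split(addr[dom], ips, " ")
        if (n == 0)   { print "no-a-record"; exit }
        p = ptr[rev(ips[1])]
        if (p == "")  { print "no-ptr"; exit }
        if (p == dom) { print "ptr-matches-domain"; exit }
        # Forward-confirm: does the PTR name have an A record for the same IP?
        confirmed = index(addr[p], " " ips[1] " ") > 0
        if (p in ns && confirmed) { print "ptr-is-domains-nameserver"; exit }
        if (confirmed)            { print "ptr-is-other-host-on-same-ip"; exit }
        print "ptr-unconfirmed"
    }'
}

# Offline run on the constructed sample. For live data, feed it the output of:
#   dig +noall +answer a "$hostname"; dig +noall +answer ns "$hostname"
#   dig +noall +answer -x "$ip";      dig +noall +answer a "$ptrname"
printf '%s\n' "$SAMPLE_RECORDS" | explain_ptr client.example
```

A result of `ptr-is-domains-nameserver` corresponds to the shared-hosting case described in the reply; `ptr-unconfirmed` is the case where the whois record and zone data deserve the closer look.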