Re: Am I being attacked? Domain name and DNS server problem

To: debian-user@lists.debian.org
Subject: Re: Am I being attacked? Domain name and DNS server problem
From: ke6isf <ke6isf@chez-vrolet.net>
Date: Sat, 18 Mar 2006 14:41:11 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.64.0603181438020.19159@kimba.chez-vrolet.net>
In-reply-to: <[🔎] 45cff9770603181355v10c9b08ag87611770acb47354@mail.gmail.com>
References: <[🔎] 45cff9770603181355v10c9b08ag87611770acb47354@mail.gmail.com>

On Sat, 18 Mar 2006, Robert MannI wrote:

But then, when I try to resolve the ip address back to a domain, using either
"host xx.xx.xx.xx" on mac os x, or
"/usr/bin/resolveip xx.xx.xx.xx" on linux,
the ip address is resolved to a domain name that is a little bit suspicious:

ns2.decayandcorrupt.com

Is this an attack?

Not necessarily. It could be your client uses decayandcorrupt.com fortheir hosting, which itself is hosted within ev1servers.com.

I recommend using dig to find out where everything is, if you want thereal story. 'dig a $hostname' will turn up the IP address, 'dig ns$hostname' will turn up the name server. If you want the whole zone filefor inspection and to doublecheck, do 'dig @ns2.decayandcorrupt.com axfr$hostname' to get the whole zone file (and if it denies you, use ns1instead), and doublecheck the whois record for the domain name.


-Dennis

Reply to:

References:
- Am I being attacked? Domain name and DNS server problem
  - From: "Robert MannI" <robmnl@gmail.com>

Prev by Date: Re: Am I being attacked? Domain name and DNS server problem
Next by Date: Re: Poster to this lists email address not obfuscated? If so it makes this list a heaven for spam bots...:-(
Previous by thread: Re: Am I being attacked? Domain name and DNS server problem
Next by thread: Re: Am I being attacked? Domain name and DNS server problem
Index(es):
- Date
- Thread