Am I being attacked? Domain name and DNS server problem
Hello!
This is most likely the wrong list, but I can't find a linux security
list and this is a little bit urgent! Maybe someone off this list can
give me some pointers.
My client has a domain. When I ping the domain, it resolves to the IP
address of the dedicated server he is hosting on.
But then, when I try to resolve the ip address back to a domain, using either
"host xx.xx.xx.xx" on mac os x, or
"/usr/bin/resolveip xx.xx.xx.xx" on linux,
the ip address is resolved to a domain name that is a little bit suspicious:
ns2.decayandcorrupt.com
Is this an attack? Resolving an ip address to a hostname shouldn't
return a nameserver, should it?
Since the domain name utimately resolves to the correct IP address,
requests to the website are successfull, and return the files we have
hosted on the server.
But the other way around, i.e. that the ip resolves to such an weird
domain name, is a little bit suspicious to me.
ANY pointers would be helpful. We're a little bit desperate as support
of our hosting companies wasn't very helpful, so I thought I'd ask
here, since, IMO, this smells a little bit.
Thanks,
Robert
Reply to: