[mdk-re] Приколы с DNS -- как давить

ALT Linux Community general discussions
 help / color / mirror / Atom feed

From: Mikhail Zabaluev <mhz@alt-linux.org>
To: mandrake-russian@altlinux.ru
Subject: [mdk-re] Приколы с DNS -- как давить
Date: Mon Mar 18 13:51:22 2002
Message-ID: <20020318105641.GD7063@mhz.mikhail.zabaluev.name> (raw)
In-Reply-To: <3C94D2C2.D55FDE72@altlinux.ru>

Hello cornet,

On Sun, Mar 17, 2002 at 08:30:42PM +0300, cornet wrote:
>
> Konstantin Lepikhov wrote:
> > 
> > Здравтсвуйте!
> > 
> > Заметил тут на днях странные глюки, просматривая /var/log/maillog :)
> > Кто-очень настойчиво долбился к несуществующему юзеру, нагло предлагая ему
> > какие-то залеажвшиеся новости спорта. Выявили хост - это был
> > mail.enternet.ru. И вот тут началось самое интересное:
> > 
> > $ nslookup mail.enternet.ru
> > 
> > Server:  localhost
> > Address:  127.0.0.1
> > 
> > Non-authoritative answer:
> > Name:    mail.enternet.ru
> > Address:  127.0.0.1
> > 
> > 8- ()
> > 
> > $ nslookup mail.enternet.ru host.els.ru
> > 
> > Server:  linux.els.ru <-- это DNS конкурирующих провайдеров :)
> > Address:  80.73.174.9
> > 
> > Non-authoritative answer:
> > Name:    mail.enternet.ru
> > Address:  127.0.0.1
> > 
> > $ dig mail.enternet.ru
> > 
> > ; <<>> DiG 8.3 <<>> mail.enternet.ru
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
> > ;; QUERY SECTION:
> > ;;      mail.enternet.ru, type = A, class = IN
> > 
> > ;; ANSWER SECTION:
> > mail.enternet.ru.       11h46m38s IN A  127.0.0.1
> > 
> > ;; AUTHORITY SECTION:
> > enternet.ru.            11h46m38s IN NS  ns.enter.ru.
> > enternet.ru.            11h46m38s IN NS  ns1.enter.ru.
> > enternet.ru.            11h46m38s IN NS  ns2.enter.ru.
> > enternet.ru.            11h46m38s IN NS  ns3.enter.ru.
> > enternet.ru.            11h46m38s IN NS  ns4.enter.ru.
> > 
> > ;; ADDITIONAL SECTION:
> > ns.enter.ru.            23h46m45s IN A  212.42.63.52
> > ns1.enter.ru.           11h46m45s IN A  212.42.63.55
> > ns2.enter.ru.           11h46m45s IN A  212.42.63.54
> > ns3.enter.ru.           11h46m45s IN A  195.170.225.179
> > ns4.enter.ru.           11h46m45s IN A  195.170.225.180
> > 
> > ;; Total query time: 1 msec
> > ;; FROM: lks.home to SERVER: default -- 127.0.0.1
> > ;; WHEN: Sun Mar 17 19:48:22 2002
> > ;; MSG SIZE  sent: 34  rcvd: 225
> > 
> > Спамеры? Или кривые руки? :)
> 
> Так. Полностью подтверждаю и добавляю к сказанному:
> 
> [cornet@smart cornet]$ nslookup mail.enternet.ru 212.42.63.52
> Server:  monster
> Address:  212.42.63.52
> 
> Name:    mail.enternet.ru
> Address:  127.0.0.1
> 
> Это я резольвил через ns.enter.ru
> И еще
> [cornet@smart cornet]$ nslookup enternet.ru
> Server:  localhost
> Address:  127.0.0.1
> 
> Non-authoritative answer:
> Name:    enternet.ru
> Address:  212.42.63.52
> 
> У кого нибудь есть мысли на эту тему??

Подписаться в список рассылки ru-zone на ripn.net:
http://www.ripn.net/nic/lists.html

И слить туда информацию о хосте и выдержки из логов почтового
сервера. Я думаю, многих там заинтересует.
Владельцам зоны гарантированы проблемы.

-- 
Stay tuned,
  MhZ                                     JID: mookid@jabber.org
___________
I don't know half of you half as well as I should like; and I like less
than half of you half as well as you deserve.
		-- J. R. R. Tolkien

next prev parent reply	other threads:[~2002-03-18 13:51 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-03-17 20:19 [mdk-re] Приколы с named? Konstantin Lepikhov
2002-03-17 20:31 ` cornet
2002-03-17 20:37   ` Любимов А.В.
2002-03-17 22:04     ` [mdk-re] " Konstantin Lepikhov
2002-03-18 13:51   ` Mikhail Zabaluev [this message]
2002-03-18  9:14 ` [mdk-re] Re: [mdk-re] " mandrake
2002-03-18 13:19   ` cornet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020318105641.GD7063@mhz.mikhail.zabaluev.name \
    --to=mhz@alt-linux.org \
    --cc=mandrake-russian@altlinux.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git