[37918] in Resnet-Forum
Re: Sendori
daemon@ATHENA.MIT.EDU (Jeff Kell)
Wed Jan 30 12:40:50 2013
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------030605000608030201090402"
Message-ID: <51095AF9.5000000@utc.edu>
Date: Wed, 30 Jan 2013 12:40:09 -0500
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Jeff Kell <jeff-kell@UTC.EDU>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <56FFE475BC71CD4E984A5F7285548C0A7DF5EBF4@Messenger9.central.edu>
--------------030605000608030201090402
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
On 1/30/2013 12:27 PM, Sandy Verhoef wrote:
>
> Today, we have had 3 machines used by faculty/staff that will add DNS
> IP numbers to machines using DHCP or change static DNS IP numbers. We
> have determined the new DNS numbers came from Sendori software. Does
> anyone know anything about where the software came from, how it was
> loaded, and why did it start today to cause problems. In at least two
> cases, it was loaded on Dec 17 or Dec 27. When we did a ping on the ip
> number -- this name came back. Sendor-rdns1.dyndns.com
>
I know it was packaged with some recent AOL Instant Messenger updates,
and presented in a manner that assumed you wanted to install it (IIRC it
was a EULA acceptance button presented with a cancel option, not a "do
you wish to install" question).
I have heard it was also included in some Skype packaging, but have not
confirmed.
We had similar issues here, we have split internal / external
nameservers, and external nameservers do not have our protected internal
resources. Anything that redirects staff DNS off-campus is not going to
find our internal resources. Sendori, making matters worse, tries to
"guess what you meant" when a DNS is not found.
It was on a couple dozen staff machines (in an office that has been
using AIM amongst themselves for a number of years), and an order of
magnitude greater number of student machines.
I'd love to wipe it off the face of the planet. We've tried to address
the faculty/staff ones, but there are too many student exceptions to try
to forcefully quarantine or elicit repairs.
Sendori operates two open recursive resolvers...
216.146.35.240 sendori-rdns1.dyndns.com
216.146.36.240 sendori-rdns2.dyndns.com
Jeff
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--------------030605000608030201090402
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 1/30/2013 12:27 PM, Sandy Verhoef
wrote:<br>
</div>
<blockquote
cite="mid:56FFE475BC71CD4E984A5F7285548C0A7DF5EBF4@Messenger9.central.edu"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Copperplate Gothic Light";
panose-1:2 14 5 7 2 2 6 2 4 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Today,
we have had 3 machines used by faculty/staff that will add
DNS IP numbers to machines using DHCP or change static DNS
IP numbers. We have determined the new DNS numbers came from
Sendori software. Does anyone know anything about where the
software came from, how it was loaded, and why did it start
today to cause problems. In at least two cases, it was
loaded on Dec 17 or Dec 27. When we did a ping on the ip
number – this name came back. Sendor-rdns1.dyndns.com</span></p>
</div>
</blockquote>
<br>
I know it was packaged with some recent AOL Instant Messenger
updates, and presented in a manner that assumed you wanted to
install it (IIRC it was a EULA acceptance button presented with a
cancel option, not a "do you wish to install" question).<br>
<br>
I have heard it was also included in some Skype packaging, but have
not confirmed.<br>
<br>
We had similar issues here, we have split internal / external
nameservers, and external nameservers do not have our protected
internal resources. Anything that redirects staff DNS off-campus is
not going to find our internal resources. Sendori, making matters
worse, tries to "guess what you meant" when a DNS is not found. <br>
<br>
It was on a couple dozen staff machines (in an office that has been
using AIM amongst themselves for a number of years), and an order of
magnitude greater number of student machines.<br>
<br>
I'd love to wipe it off the face of the planet. We've tried to
address the faculty/staff ones, but there are too many student
exceptions to try to forcefully quarantine or elicit repairs.<br>
<br>
Sendori operates two open recursive resolvers...<br>
<br>
<table width="100%" bgcolor="#FFFFFF" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr bgcolor="#FFFFFF">
<td valign="top" align="center"> 216.146.35.240
</td>
<td valign="top" align="center"> sendori-rdns1.dyndns.com
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td valign="top" align="center"> 216.146.36.240
</td>
<td valign="top" align="center"> sendori-rdns2.dyndns.com
</td>
</tr>
</tbody>
</table>
<br>
<br>
Jeff<br>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href="http://LISTSERV.ND.EDU/archives/resnet-l.html" target="_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--------------030605000608030201090402--
