[16734] in North American Network Operators' Group


Possible login/password grabbing ploy

daemon@ATHENA.MIT.EDU (Darryl Baker)
Mon May 11 11:39:30 1998

From: Darryl Baker <dpb@concentric.net>
To: nanog@merit.edu
Date: Mon, 11 May 1998 11:30:03 -0400 (EDT)

I have found that most of the common mis-spellings of our domain name
have been registered with the Internic by a company named Americaoffline. 
Examples:
	concentic.net
	concentri.net
	concnetric.net
	consentric.net

They have also grabbed other mis-spellings of popular domains.
Examples:
	aool.com
	bellsoth.com
	bellsuth.com
	hotmaiil.com
	mailexite.com
	pacbel.net
	spraynet.com

Originally I thought they were using these to build a bulk email list.
Then I found they have configured ftp addresses in each domain. This
will allow them to gather valid usernames and passwords anytime someone
makes a typo and tries to upload something to their ISP.

We have listed their servers as bogus in our DNS configuration for now
and are looking into other more complete solutions.

Bind 8.X configuration addition:
server 205.231.48.243 { bogus yes; };
server 205.231.48.244 { bogus yes; };
-- 
   __                      _     __		     Darryl Baker
  /  )                    //    /  )       /	     Sr. Systems Engineer
 /  / __.  __  __  __  , //    /--<  __.  /_  _  __  For the Concentric Network
/__/_(_/|_/ (_/ (_/ (_/_</_   /___/_(_/|_/ <_</_/ (_ dpb@concentric.net
                     /
                    '
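
The look-alike names listed in the message are each one edit away from concentric.net. The following is an added example, not part of the original message: it labels an observed domain as a one-edit misspelling of a protected name (omission, insertion, substitution, or adjacent transposition), as a defender might when reviewing newly registered names. The function names are hypothetical; the sample names are the ones quoted in the message.

```python
from typing import Dict, Iterable, Optional, Tuple


def classify_typo(legit: str, candidate: str) -> Optional[str]:
    """Return the single edit that turns `legit` into `candidate`, else None."""
    a, b = legit.lower(), candidate.lower()
    if a == b:
        return None
    # Skip the common prefix; i is the first position where the names differ.
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:
            return "substitution"
        if (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:]):
            return "transposition"
        return None
    if len(a) == len(b) + 1 and a[i + 1:] == b[i:]:
        return "omission"      # candidate dropped one character
    if len(b) == len(a) + 1 and a[i:] == b[i + 1:]:
        return "insertion"     # candidate gained one character
    return None


def scan(protected: Iterable[str],
         observed: Iterable[str]) -> Dict[str, Tuple[str, str]]:
    """Map each observed look-alike to (protected name, edit kind)."""
    protected = list(protected)
    hits = {}
    for cand in observed:
        for legit in protected:
            kind = classify_typo(legit, cand)
            if kind:
                hits[cand] = (legit, kind)
    return hits


# Sample input: names quoted in the message above. aool.com and pacbel.net are
# included as non-matches for the single protected name used here.
OBSERVED = ["concentic.net", "concentri.net", "concnetric.net",
            "consentric.net", "aool.com", "pacbel.net"]

if __name__ == "__main__":
    for name, (legit, kind) in scan(["concentric.net"], OBSERVED).items():
        print(f"{name}: {kind} of {legit}")
```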
