[38936] in North American Network Operators' Group
Re: Exodus Down
daemon@ATHENA.MIT.EDU (Brett Frankenberger)
Sat Jun 23 21:26:36 2001
Message-Id: <200106240121.UAA21456@rbfux.rbfnet.com>
To: deem@wdm.com (Dee McKinney)
Date: Sat, 23 Jun 2001 20:20:57 -0500 (CDT)
From: "Brett Frankenberger" <rbf@rbfnet.com>
Cc: nanog@merit.edu
In-Reply-To: <200106240106.f5O16hI07300@papa.wdm.com> from "Dee McKinney" at Jun 23, 2001 05:06:42 PM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> Forwarded message from "Lewis E. Wolfgang" <wolfgang@nosc.mil>
>
> Something is definitely rotten here.
>
> Whois reports:
>
> Server Name: SLASHDOT.ORG.SUCKS.COMPARED.TO.JIMPHILLIPS.ORG
> IP Address: 24.240.60.16
> Registrar: TUCOWS, INC.
> Whois Server: whois.opensrs.net
> Referral URL: http://www.opensrs.org
>
> Domain Name: SLASHDOT.ORG
> Registrar: NETWORK SOLUTIONS, INC.
> Whois Server: whois.networksolutions.com
> Referral URL: http://www.networksolutions.com
> Name Server: NS1.ANDOVER.NET
> Name Server: NS2.ANDOVER.NET
> Updated Date: 13-jun-2001
>
> I've never seen whois report two registrars, especially one that says
> "SLASHDOT.ORG.SUCKS.COMPARED.TO.JIMPHILLIPS.ORG"
Then you haven't been reading here for very long. Every couple of
months, someone does a query like this and posts the results thinking
they've found something signifigant. They haven't. What they have
found is that someone:
(1) Registered JIMPHILLIPS.ORG,
(2) Created a Name Server in the JIMPHILLIPS.ORG domain,
(3) Decided to name that server:
"SLASHDOT.ORG.SUCKS.COMPARED.TO.JIMPHILLIPS.ORG"
For more fun, try "whois -h whois.internic.net microsoft.com".
> I'd guess that some cracker broke something somewhere? Maybe a
> DNS crack? Maybe Andover went bankrupt and pulled the plug
> on us? Maybe Micro$oft is behind this?
Well, somthign might well be going on. But it has absolutely nothing
to do with the fact that someone registered a name server whose name
comtains the string "SLASHDOT.ORG".
Merit, for example, could create a new nameserver and call it:
SLASHDOT.ORG.REALLY.SUCKS.MERIT.EDU
and then three things would show up with you did a whois on
slashdot.org.
-- Brett
