[63133] in North American Network Operators' Group
RE: OT: CPAN hacked or fubar'd?
daemon@ATHENA.MIT.EDU (Eric Germann)
Sun Sep 28 17:38:32 2003
Reply-To: <ekgermann@cctec.com>
From: "Eric Germann" <ekgermann@cctec.com>
To: "Rachael Treu" <rara@navigo.com>
Cc: <nanog@nanog.org>
Date: Sun, 28 Sep 2003 17:33:03 -0400
In-Reply-To: <20030928213312.GA13171@www.complete-ideas.com>
Errors-To: owner-nanog-outgoing@merit.edu
Hmmmmmmm.......
bash-2.05$ dig www.cpan.org
; <<>> DiG 8.3 <<>> www.cpan.org=20
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; www.cpan.org, type =3D A, class =3D IN
;; ANSWER SECTION:
www.cpan.org. 23h38m8s IN CNAME x2.develooper.com.
x2.develooper.com. 1h38m8s IN A 213.150.60.27
;; AUTHORITY SECTION:
develooper.com. 2d23h38m8s IN NS ns2.develooper.com.
develooper.com. 2d23h38m8s IN NS ns3.develooper.com.
develooper.com. 2d23h38m8s IN NS ns.develooper.com.
;; ADDITIONAL SECTION:
ns.develooper.com. 1d23h34m37s IN A 63.251.223.170
ns2.develooper.com. 1h38m8s IN A 213.150.60.27
ns3.develooper.com. 1h38m8s IN A 213.150.60.27
;; Total query time: 37 msec
;; FROM: petros.cctec.net to SERVER: default -- 172.28.0.20
;; WHEN: Sun Sep 28 17:26:56 2003
;; MSG SIZE sent: 30 rcvd: 178
bash-2.05$ telnet www.cpan.org 80
Trying 213.150.60.27...
Connected to x2.develooper.com.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 302 Found
Date: Sun, 28 Sep 2003 21:28:12 GMT
Server: Apache/1.3.29-dev (Unix) PHP/4.3.3 mod_perl/1.28_01-dev
Location: http://www.netcetera.dk
Content-Type: text/html; charset=3Diso-8859-1
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF=3D"http://www.netcetera.dk">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.29-dev Server at virtualhost.netc.dk Port =
80</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.
Same with a host header using HTTP/1.1 ...
> -----Original Message-----
> From: Rachael Treu [mailto:rara@navigo.com]
> Sent: Sunday, September 28, 2003 5:33 PM
> To: Eric Germann
> Cc: nanog@nanog.org
> Subject: Re: OT: CPAN hacked or fubar'd?
>=20
>=20
> I'm not able to duplicate what you report. All indications from
> the vectors I've tried are that CPAN is alive and well.
>=20
> Got more info?
>=20
> --ra
>=20
> On Sun, Sep 28, 2003 at 05:10:58PM -0400, Eric Germann said=20
> something to the effect of:
> >=20
> > Anyone know whats up with CPAN? http://www.cpan.org points to
> > http://www.netcetera.dk
> >=20
> > Pointers would be appreciated and also if we can trust the CPAN=20
> module to
> > install modules.
> >=20
> >=20
> >=20
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > Eric Germann CCTec
> > ekgermann@cctec.com Van Wert OH =
45891
> > http://www.cctec.com Ph: 419 968 =
2640
> > Fax: 603 825 =
5893
> >=20
> > "The fact that there are actually ways of knowing and characterizing =
the
> > extent of one=E2=80=99s ignorance, while still remaining ignorant, =
may=20
> ultimately be
> > more interesting and useful to people than Yarkovsky"
> >=20
> > -- Jon Giorgini of NASA=E2=80=99s Jet Propulsion Laboratory
> >=20
>=20
> --=20
> K. Rachael Treu, CISSP rara@navigo.com
> .Fata viam invenient..
>=20
>=20
