[80659] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Google DNS problems?!?

daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Sat May 7 23:12:52 2005

From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Sun, 8 May 2005 03:09:40 GMT
To: poptix@poptix.net
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu



Well, Matthew, my boy, it appears to have been more than a
simple spyware incident on a Mac or two.

If you're not part of the solution....

- ferg


-- "Matthew S. Hallacy" <poptix@poptix.net> wrote:
On Sun, May 08, 2005 at 02:18:19AM +0000, Fergie (Paul Ferguson) wrote:
> 
> 
> Does anyone else think that its a bit odd that if it were simply
> "DNS problems" that a redirect for www.google.com would end up
> at a location which provided this:

All of the "hack" evidence is from people looking at a whois
query and fretting over:

  Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
   IP Address: 80.190.192.24
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net

   Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
   IP Address: 209.187.114.130
   Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
   Whois Server: whois.itsyourdomain.com
   Referral URL: http://www.itsyourdomain.com


We've been over this before, whois queries also return nameservers,
which people take advantage of.


>  http://img179.echo.cx/img179/7959/googlehacked7to.jpg
> 
> [or]
> 
>  http://img241.echo.cx/img241/6208/googlemsn3lp.png
> 
> Seems more than simple "DNS problems" to me.
> 
> I hate being played like an idiot....
> 
> - ferg

Wow, one person being redirected to a competitors site, ever heard of
spyware? (Yes, even on a Mac)


-- 
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203


home help back first fref pref prev next nref lref last post