Always renew your domain names
Looks like someone forgot to renew their domain name and another party decided to do it for them, with some slight changes:
host 206.108.102.93
93.102.108.206.in-addr.arpa domain name pointer bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
> Looks like someone forgot to renew their domain name and another party decided to do it for them, with some slight changes:
> host 206.108.102.93
> 93.102.108.206.in-addr.arpa domain name pointer bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
This isn't a lapsed domain registration issue; we're not talking about A records. It doesn't strike you as odd (read 'a security issue') that the PTR records have been changed?
--
Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
On Dec 5, 2003, at 12:20 PM, Luca Filipozzi wrote:
> On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
>> Looks like someone forgot to renew their domain name and another party decided to do it for them, with some slight changes:
>> host 206.108.102.93
>> 93.102.108.206.in-addr.arpa domain name pointer bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
> This isn't a lapsed domain registration issue; we're not talking about A records. It doesn't strike you as odd (read 'a security issue') that the PTR records have been changed?
It is absolutely a lapsed domain issue. The authoritative (arpa) servers for the netblock in question (and several other bell blocks) are taz and pluto.bell-nexxia.net
I registered it last year (after getting sick of waiting for lookups to time out on traceroutes), created the proper glue records to the original NS's and tried to give it back to bell via all available channels, nobody seemed to care, so I let it expire.
> --
> Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia
> gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
--
Matt Levine <matt@deliver3.com>
"The Trouble with doing anything right the first time is that nobody appreciates how difficult it was." -BIX
On Fri, Dec 05, 2003 at 12:29:49PM -0500, Matt Levine wrote:
> It is absolutely a lapsed domain issue. The authoritative (arpa) servers for the netblock in question (and several other bell blocks) are taz and pluto.bell-nexxia.net
My mistake; replied too hastily.
> I registered it last year (after getting sick of waiting for lookups to time out on traceroutes), created the proper glue records to the original NS's and tried to give it back to bell via all available channels, nobody seemed to care, so I let it expire.
I would hope that this would get their attention, but after your attempt, I won't hold my breath. Thanks for clarifying.
--
Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
On Fri, 05 Dec 2003 09:20:04 PST, Luca Filipozzi <lucaf+nanog@ece.ubc.ca> said:
>> 93.102.108.206.in-addr.arpa domain name pointer bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
> This isn't a lapsed domain registration issue; we're not talking about A records. It doesn't strike you as odd (read 'a security issue') that the PTR records have been changed?
Well, a PTR can point *anywhere* as long as you control the zone. The only thing that made it remotely interesting was this SOA:
102.108.206.in-addr.arpa. 0 IN SOA pluto.bell-nexxia.net. help.bell-nexxia.net. 2003110400 28800 7200 604800 86400
It's interesting that googling for 'bell-nexxia.net' doesn't actually hit anything. Who did you THINK owned that domain and address space?
On 5 Dec 2003, at 12:20, Luca Filipozzi wrote:
> On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
>> Looks like someone forgot to renew their domain name and another party decided to do it for them, with some slight changes:
>> host 206.108.102.93
>> 93.102.108.206.in-addr.arpa domain name pointer bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
> This isn't a lapsed domain registration issue; we're not talking about A records. It doesn't strike you as odd (read 'a security issue') that the PTR records have been changed?
Bell's ARIN records show 102.108.206.in-addr.arpa delegated to nameservers named under bell-nexxia.net, which is a zone that Bell do not currently run. If you believe the dates returned by whois.crsnic.net, "bell-nexxia.net" was only recently registered, while "bellnexxia.net" was registered in 1999. Maybe someone at Bell typo'd nameserver names when they filled out the paperwork for 206.108/20, and someone else got fed up with waiting for them to fix it (and hence the reverse DNS for these blocks).
Joe
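Added example, not part of any message in this thread: a delegation audit for the failure mode discussed above, where a reverse zone is delegated to nameservers under a domain the operator does not hold. The NS lines are constructed from names in the thread; the TTLs, the third record, the owned-domain set and the two-label "registrable domain" rule are assumptions.

```python
import difflib

# Constructed sample: NS delegations in zone-file form, using names from the thread.
# TTLs and the 103.108.206 record are made up for illustration.
DELEGATIONS = """\
102.108.206.in-addr.arpa. 86400 IN NS taz.bell-nexxia.net.
102.108.206.in-addr.arpa. 86400 IN NS pluto.bell-nexxia.net.
103.108.206.in-addr.arpa. 86400 IN NS ns1.bellnexxia.net.
"""

# Assumption: domains the operator has confirmed it holds and renews.
OWNED = {"bellnexxia.net"}


def registrable(name):
    """Naive registrable domain: last two labels (assumption; no public-suffix list)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_ns(text):
    """Yield (zone, nameserver) from 'zone ttl IN NS target' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            yield fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()


def audit(text, owned):
    """Return findings for NS targets whose domain is outside the owned set."""
    findings = []
    for zone, ns in parse_ns(text):
        dom = registrable(ns)
        if dom in owned:
            continue
        # A close match to an owned domain suggests a typo in the delegation paperwork.
        near = difflib.get_close_matches(dom, sorted(owned), n=1, cutoff=0.85)
        findings.append({"zone": zone, "ns": ns, "domain": dom,
                         "likely_typo_of": near[0] if near else None})
    return findings


if __name__ == "__main__":
    for finding in audit(DELEGATIONS, OWNED):
        print(finding)
```

Each finding is a delegation to fix at the registry (here ARIN) or a domain to register and keep renewed; whoever holds that domain controls the answers for the whole zone.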
participants (6): Joe Abley, Luca Filipozzi, Matt Levine, Matt Levine, Mike Hyde, Valdis.Kletnieks@vt.edu