Hello,
aljazeera.net domain owned.
Per what the Chief Editor of www.aljazeera.net told me in the phone a while ago the domain isn't in their control anymore.
All the info got changed and they are wondering how did this happen.
A visit to the website now would explain it all.
Thanks,
-Abdullah
On Thu, Mar 27, 2003 at 07:14:13PM +0300, Abdullah Ibn Hamad Al-Marri wrote:
> Hello,
> aljazeera.net domain owned.
from whois.crsnic.net seems the nameservers are pointing to NSx.MYDOMAIN.COM
verisign whois gives different nameservers.
could it be that someone hijacked the domain off verisign (and they fixed it) or what other possibilities could have happened there?
-Subhi
--
Subhi S Hashwa *** subhi@thebigboss.com
--- When everything's coming your way, you're in the wrong lane.
according to the nsi retail interface, the contacts are:
jazeera space channel tv station (account holder)
mj alaliaj7476 (administrative contact)
(they are not one of my retail or wholesale customers, and i'm not operational as a com/net registrar, yet.)
it is simple enough for them to change the .com zone ns records for their SLD.
folks wanting to move the data from nanog to a web page, just send it to me, i'll add it as an annex to my "what little i know about .iq" page, at nic-iq.nic-naa.net
eric
On Thu, 27 Mar 2003, Abdullah Ibn Hamad Al-Marri wrote:
> aljazeera.net domain owned.
> Per what the Chief Editor of www.aljazeera.net told me in the phone a while ago the domain isn't in their control anymore.
> all the info got changed and they are wondering how did this happen.
Probably one of the usual methods. Al Jazeera forgot (or the security consultant Al Jazeera hired) to implement appropriate security controls for their domain records, and someone forged a registry update. This has happened in the past to numerous other domains, such as AOL.COM, SEX.COM and others.

There are several levels of security controls a domain name holder can optionally use. The default level of security is extremely low, and easily spoofed. The domain name holder must take steps to implement additional security controls. Unfortunately, relatively few domain name holders take those additional steps, leaving their domain names vulnerable to unauthorized updates.

It appears Al Jazeera is learning the same lessons that other highly visible web sites, e.g. Ebay, CNN, MSNBC, Yahoo, etc, learned years ago. If Al Jazeera doesn't have the in-house expertise to maintain its service, I'm sure there are numerous consulting firms looking for business which could assist them for a moderate fee.
Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page). I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as far as NS records are concerned.
Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1. This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:

; <<>> DiG 8.2 <<>> ns aljazeera.net @b.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;;      aljazeera.net, type = NS, class = IN

;; ANSWER SECTION:
aljazeera.net.          2D IN NS        NS4.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS1.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS2.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS3.MYDOMAIN.COM.

;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM.       2D IN A         63.251.83.74
NS1.MYDOMAIN.COM.       2D IN A         64.94.117.195
NS2.MYDOMAIN.COM.       2D IN A         216.52.121.228
NS3.MYDOMAIN.COM.       2D IN A         66.150.161.130

;; Total query time: 80 msec
;; FROM: LAIR.LION to SERVER: b.gtld-servers.net  192.33.14.30
;; WHEN: Thu Mar 27 16:38:14 2003
;; MSG SIZE  sent: 31  rcvd: 179

LAIR$ dig www.aljazeera.net @ns1.mydomain.com

; <<>> DiG 8.2 <<>> www.aljazeera.net @ns1.mydomain.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      www.aljazeera.net, type = A, class = IN

;; ANSWER SECTION:
www.aljazeera.net.      2M IN A         127.0.0.1

;; AUTHORITY SECTION:
aljazeera.net.          2M IN NS        ns1.mydomain.com.
aljazeera.net.          2M IN NS        ns2.mydomain.com.
aljazeera.net.          2M IN NS        ns3.mydomain.com.
aljazeera.net.          2M IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       30M IN A        64.94.117.195
ns2.mydomain.com.       30M IN A        216.52.121.228
ns3.mydomain.com.       30M IN A        66.150.161.130
ns4.mydomain.com.       30M IN A        63.251.83.74

;; Total query time: 117 msec
;; FROM: LAIR.LION to SERVER: ns1.mydomain.com  64.94.117.195
;; WHEN: Thu Mar 27 16:38:28 2003
;; MSG SIZE  sent: 35  rcvd: 199

----- Original Message -----
From: "Eric Brunner-Williams in Portland Maine" <brunner@nic-naa.net>
To: "Sean Donelan" <sean@donelan.com>
Cc: "Abdullah Ibn Hamad Al-Marri" <arabian@ArabChat.Org>; <nanog@merit.edu>; <brunner@nic-naa.net>
Sent: Thursday, March 27, 2003 15:30
Subject: Re: aljazeera.net domain owned.
> Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page).
> I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as far as NS records are concerned.
Looks like 213.30.180.218 allows unrestricted zone transfers.
ls -d ALJAZEERA.NET.
[[213.30.180.218]]
$ORIGIN aljazeera.net.
@               15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                2003032706      ; serial
                                3H              ; refresh
                                1H              ; retry
                                1W              ; expiry
                                15M )           ; minimum

                15M IN NS       ns1sa.navlink.com.
                15M IN NS       ns3
                15M IN MX       10 mail
                15M IN A        213.30.180.219
ns3             15M IN A        213.30.180.218
admin           15M IN A        213.30.180.219
synadmin        15M IN A        213.30.180.220
english         15M IN A        213.30.180.219
jazad01         15M IN A        213.30.180.220
wrc             15M IN A        213.30.180.222
jazad02         15M IN A        213.30.180.220
cm              15M IN A        213.130.180.216
syndication     15M IN A        213.30.180.220
jazad           15M IN A        213.30.180.220
mail            15M IN A        64.110.61.12
www             15M IN CNAME    @
bm              15M IN A        213.30.180.221
www1            15M IN A        213.30.180.219
www2            15M IN A        213.30.180.219
ftp             15M IN CNAME    @
stats           15M IN A        213.30.180.222
users           15M IN A        213.30.180.219
@               15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                2003032706      ; serial
                                3H              ; refresh
                                1H              ; retry
                                1W              ; expiry
                                15M )           ; minimum

Handy to do a quick update on any servers doing recursion.

---Mike

At 03:48 PM 27/03/2003 -0600, John Palmer wrote:
> Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1. This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:
>
> ; <<>> DiG 8.2 <<>> ns aljazeera.net @b.gtld-servers.net
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
> ;; QUERY SECTION:
> ;;      aljazeera.net, type = NS, class = IN
>
> ;; ANSWER SECTION:
> aljazeera.net.          2D IN NS        NS4.MYDOMAIN.COM.
> aljazeera.net.          2D IN NS        NS1.MYDOMAIN.COM.
> aljazeera.net.          2D IN NS        NS2.MYDOMAIN.COM.
> aljazeera.net.          2D IN NS        NS3.MYDOMAIN.COM.
>
> ;; ADDITIONAL SECTION:
> NS4.MYDOMAIN.COM.       2D IN A         63.251.83.74
> NS1.MYDOMAIN.COM.       2D IN A         64.94.117.195
> NS2.MYDOMAIN.COM.       2D IN A         216.52.121.228
> NS3.MYDOMAIN.COM.       2D IN A         66.150.161.130
>
> ;; Total query time: 80 msec
> ;; FROM: LAIR.LION to SERVER: b.gtld-servers.net  192.33.14.30
> ;; WHEN: Thu Mar 27 16:38:14 2003
> ;; MSG SIZE  sent: 31  rcvd: 179
>
> LAIR$ dig www.aljazeera.net @ns1.mydomain.com
>
> ; <<>> DiG 8.2 <<>> www.aljazeera.net @ns1.mydomain.com
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> ;; QUERY SECTION:
> ;;      www.aljazeera.net, type = A, class = IN
>
> ;; ANSWER SECTION:
> www.aljazeera.net.      2M IN A         127.0.0.1
>
> ;; AUTHORITY SECTION:
> aljazeera.net.          2M IN NS        ns1.mydomain.com.
> aljazeera.net.          2M IN NS        ns2.mydomain.com.
> aljazeera.net.          2M IN NS        ns3.mydomain.com.
> aljazeera.net.          2M IN NS        ns4.mydomain.com.
>
> ;; ADDITIONAL SECTION:
> ns1.mydomain.com.       30M IN A        64.94.117.195
> ns2.mydomain.com.       30M IN A        216.52.121.228
> ns3.mydomain.com.       30M IN A        66.150.161.130
> ns4.mydomain.com.       30M IN A        63.251.83.74
>
> ;; Total query time: 117 msec
> ;; FROM: LAIR.LION to SERVER: ns1.mydomain.com  64.94.117.195
> ;; WHEN: Thu Mar 27 16:38:28 2003
> ;; MSG SIZE  sent: 35  rcvd: 199
>
> ----- Original Message -----
> From: "Eric Brunner-Williams in Portland Maine" <brunner@nic-naa.net>
> To: "Sean Donelan" <sean@donelan.com>
> Cc: "Abdullah Ibn Hamad Al-Marri" <arabian@ArabChat.Org>; <nanog@merit.edu>; <brunner@nic-naa.net>
> Sent: Thursday, March 27, 2003 15:30
> Subject: Re: aljazeera.net domain owned.
>
> > Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page).
> > I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as far as NS records are concerned.
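
Added example, not part of the thread or written by any of its participants: the checks the posters did by hand (comparing the NS set served by the parent zone with the set the owner expects, and noticing an A record pointing at loopback) written as a small monitoring script. The record lines are copied from the dig output quoted above; treating the NS set in the posted zone data as the owner's intended delegation is an assumption, and the function names are illustrative.

```python
import ipaddress

# Records copied from the dig output quoted in the thread (parent = b.gtld-servers.net).
PARENT_NS = """\
aljazeera.net. 2D IN NS NS4.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS1.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS2.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS3.MYDOMAIN.COM.
"""
AUTH_ANSWER = "www.aljazeera.net. 2M IN A 127.0.0.1\n"
# Assumption: the owner's intended NS set is the one in the zone data posted above.
EXPECTED_NS = {"ns1sa.navlink.com.", "ns3.aljazeera.net."}


def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    return name.lower().rstrip(".") + "."


def records(text, rrtype):
    """Yield (owner, rdata) for records of one type in dig-style text."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop dig comment lines
        if len(fields) >= 3 and fields[-2].upper() == rrtype:
            yield norm(fields[0]), fields[-1]


def check_delegation(zone, parent_text, expected):
    """Compare the NS set served by the parent zone with the expected set."""
    seen = {norm(t) for o, t in records(parent_text, "NS") if o == norm(zone)}
    want = {norm(n) for n in expected}
    return {"unexpected": sorted(seen - want),
            "missing": sorted(want - seen),
            "mismatch": seen != want}


def non_routable_a(answer_text):
    """Return (name, address) pairs whose A record is loopback, private or unspecified."""
    bad = []
    for owner, addr in records(answer_text, "A"):
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_private or ip.is_unspecified:
            bad.append((owner, addr))
    return bad


if __name__ == "__main__":
    print(check_delegation("aljazeera.net", PARENT_NS, EXPECTED_NS))
    print(non_routable_a(AUTH_ANSWER))
```

Run on a schedule against live parent-zone answers, a `mismatch` result is the signal to check the registrar record before resolvers cache the changed delegation for its full TTL.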
participants (6)
- Abdullah Ibn Hamad Al-Marri
- Eric Brunner-Williams in Portland Maine
- John Palmer
- Mike Tancsa
- Sean Donelan
- Subhi S Hashwa