Educause Security Discussion mailing list archives
Re: DNS weird stuff
From: Peter Moody <peter () UCSC EDU>
Date: Tue, 23 Nov 2004 13:13:03 -0800
On Tue, 2004-11-23 at 15:05 -0600, Anthony Schroeder wrote:
> anyone seeing loopback addresses being reported by DNS:
>
> Non-authoritative answer:
> Name: goodgirlz.com
> Address: 127.0.0.1
Often times, when a domain is associated with IRC Command and Control (C&C) traffic, the DNS administrators will re-address the A records in order to prevent clients from communicating with the C&C server. Sometimes they throw them in RFC1918 space and sometimes they throw them in 127/8. It really depends on what the policy of the particular name service company is.

Having said that, I don't see any of those domains in any list of known C&C servers. If you really want to get to the bottom of this, I would attempt to contact the name service providers and ask them.

Domain servers in listed order:

NS.NEWDREAM.NET 66.33.206.6
NS2.NEWDREAM.NET 209.17.93.94

Regards,
-Peter

--
Peter Moody <peter () ucsc edu>
Information Security Administrator 831/459.5409
Communications and Technology Services. UC, Santa Cruz.
http://security.ucsc.edu/pgp/peter.moody.pub
AS5739 :wq
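As an added example that is not part of the original post: a small triage script that flags clients whose external lookups came back in 127/8 or RFC1918 space, the re-addressing targets the reply describes. The log format, sample lines and the `LOCAL_ZONES` allow-list are constructed assumptions; a hit is a lead to check against C&C lists, not proof of one.

```python
import ipaddress
from collections import defaultdict

# Ranges the reply names as common re-addressing targets: 127/8 and RFC1918.
SINKHOLE_NETS = {
    "loopback (127/8)": ipaddress.ip_network("127.0.0.0/8"),
    "RFC1918 (10/8)": ipaddress.ip_network("10.0.0.0/8"),
    "RFC1918 (172.16/12)": ipaddress.ip_network("172.16.0.0/12"),
    "RFC1918 (192.168/16)": ipaddress.ip_network("192.168.0.0/16"),
}

# Assumed internal zones that legitimately resolve to private addresses.
LOCAL_ZONES = ("campus.example",)

# Constructed resolver log lines in the form "<client> <qname> A <answer>".
SAMPLE_LOG = """\
10.1.4.22 cc.example.net A 127.0.0.1
10.1.4.22 www.example.org A 93.184.216.34
10.1.7.9 irc.example.com A 192.168.0.1
10.1.7.9 intranet.campus.example A 10.20.0.5
10.1.9.3 bad line
"""

def classify(answer):
    """Return the matching range label, or None for public or invalid answers."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return None
    for label, net in SINKHOLE_NETS.items():
        if addr in net:
            return label
    return None

def flag_clients(log_text, local_zones=LOCAL_ZONES):
    """Map each client to the external names it resolved to non-routable space."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A":
            continue  # skip malformed lines and non-A records
        client, qname, _, answer = parts
        qname = qname.rstrip(".").lower()
        if any(qname == z or qname.endswith("." + z) for z in local_zones):
            continue  # internal names are expected to be private
        label = classify(answer)
        if label:
            hits[client].append((qname, answer, label))
    return dict(hits)
```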