Educause Security Discussion mailing list archives
Re: Microsoft the source of all evil?? Simple question
From: Morrow Long <morrow.long () YALE EDU>
Date: Wed, 13 Feb 2008 18:59:26 -0500
On Feb 13, 2008, at 12:37 PM, Gary Flynn wrote:
I thought the second nslookup command below was odd too:

    nslookup ofallevil.com
    Non-authoritative answer:
    Name: ofallevil.com
    Address: 209.62.14.146

    nslookup thesource.ofallevil.com
    Non-authoritative answer:
    Name: lb1.www.ms.akadns.net
    Addresses: 207.46.19.254, 207.46.192.254, 207.46.193.254, 207.46.19.190
    Aliases: thesource.ofallevil.com, www.microsoft.com
             toggle.www.ms.akadns.net, g.www.ms.akadns.net
There is just a very long 'alias' (DNS CNAME) chain going on here:

1. thesource.ofallevil.com is an alias which points to www.microsoft.com.
2. www.microsoft.com (is Akamaized and) is an alias which points to the alias toggle.www.ms.akadns.net.
3. toggle.www.ms.akadns.net is an alias pointing to g.www.ms.akadns.net (most likely it can also do round-robin DNS to other X.www.ms.akadns.net names)
4. g.www.ms.akadns.net is an alias which points to lb1.www.ms.akadns.net.
5. lb1.www.ms.akadns.net has 4 different IP addresses.
6. The 4 IP addresses are registered to Microsoft (and MSN and Hotmail).
7. The Tier 1 ISP for the Microsoft public network 207.46.* apparently is Level3.Net.

    morrow-longs-macbook-pro-17:~ morrowlong$ host thesource.ofallevil.com
    thesource.ofallevil.com is an alias for www.microsoft.com.
    www.microsoft.com is an alias for toggle.www.ms.akadns.net.
    toggle.www.ms.akadns.net is an alias for g.www.ms.akadns.net.
    g.www.ms.akadns.net is an alias for lb1.www.ms.akadns.net.
    lb1.www.ms.akadns.net has address 207.46.193.254
    lb1.www.ms.akadns.net has address 207.46.192.254
    lb1.www.ms.akadns.net has address 207.46.19.190
    lb1.www.ms.akadns.net has address 207.46.19.254
    morrow-longs-macbook-pro-17:~ morrowlong$

    OrgName: Microsoft Corp
    OrgID: MSFT
    Address: One Microsoft Way
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US

    NetRange: 207.46.0.0 - 207.46.255.255
    CIDR: 207.46.0.0/16
    NetName: MICROSOFT-GLOBAL-NET
    NetHandle: NET-207-46-0-0-1
    Parent: NET-207-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.MSFT.NET
    NameServer: NS5.MSFT.NET
    NameServer: NS2.MSFT.NET
    NameServer: NS3.MSFT.NET
    NameServer: NS4.MSFT.NET
    Comment:
    RegDate: 1997-03-31
    Updated: 2004-12-09

    RTechHandle: ZM39-ARIN
    RTechName: Microsoft
    RTechPhone: +1-425-882-8080
    RTechEmail: noc () microsoft com

    OrgAbuseHandle: ABUSE231-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-425-882-8080
    OrgAbuseEmail: abuse () msn com

    OrgAbuseHandle: HOTMA-ARIN
    OrgAbuseName: Hotmail Abuse
    OrgAbusePhone: +1-425-882-8080
    OrgAbuseEmail: abuse () hotmail com

    OrgAbuseHandle: MSNAB-ARIN
    OrgAbuseName: MSN ABUSE
    OrgAbusePhone: +1-425-882-8080
    OrgAbuseEmail: abuse () msn com

    OrgNOCHandle: ZM23-ARIN
    OrgNOCName: Microsoft Corporation
    OrgNOCPhone: +1-425-882-8080
    OrgNOCEmail: noc () microsoft com

    OrgTechHandle: MSFTP-ARIN
    OrgTechName: MSFT-POC
    OrgTechPhone: +1-425-882-8080
    OrgTechEmail: iprrms () microsoft com

    # ARIN WHOIS database, last updated 2008-02-12 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    morrow-longs-macbook-pro-17:~ morrowlong$

    morrow-longs-macbook-pro-17:~ morrowlong$ traceroute 207.46.193.254
    traceroute to 207.46.193.254 (207.46.193.254), 64 hops max, 40 byte packets
     1  SANITIZED
     2  SANITIZED
     3  SANITIZED
     4  te-4-4-ar01.berlin.ct.hartford.comcast.net (68.87.182.73) 46.305 ms 40.186 ms 47.818 ms
     5  po-10-ar01.chartford.ct.hartford.comcast.net (68.87.146.29) 39.796 ms 11.300 ms 16.725 ms
     6  * * *
     7  xe-11-1-0.edge1.NewYork2.Level3.net (4.71.186.13) 63.964 ms 71.349 ms 72.815 ms
     8  vlan99.csw4.NewYork1.Level3.net (4.68.16.254) 72.666 ms 37.444 ms
        vlan79.csw2.NewYork1.Level3.net (4.68.16.126) 26.398 ms
     9  ae-72-72.ebr2.NewYork1.Level3.net (4.69.134.85) 38.540 ms
        ae-62-62.ebr2.NewYork1.Level3.net (4.69.134.81) 46.488 ms
        ae-92-92.ebr2.NewYork1.Level3.net (4.69.134.93) 66.931 ms
    10  ae-2.ebr1.Chicago1.Level3.net (4.69.132.65) 105.695 ms 123.079 ms 69.522 ms
    11  ae-68.ebr3.Chicago1.Level3.net (4.69.134.58) 70.894 ms 106.166 ms 93.893 ms
    12  ae-3.ebr2.Denver1.Level3.net (4.69.132.61) 115.344 ms 111.851 ms 87.477 ms
    13  ae-2.ebr2.Seattle1.Level3.net (4.69.132.53) 149.782 ms 107.382 ms 146.133 ms
    14  ge-2-0-0-56.gar1.Seattle1.Level3.net (4.68.105.169) 124.276 ms
        ge-2-0-0-52.gar1.Seattle1.Level3.net (4.68.105.41) 111.031 ms
        ge-2-0-0-54.gar1.Seattle1.Level3.net (4.68.105.105) 155.807 ms
    15  65.59.235.6 (65.59.235.6) 134.577 ms 125.719 ms 161.164 ms
    16  207.46.37.252 (207.46.37.252) 156.125 ms 114.199 ms 134.124 ms
    17  ten2-1.tuk-76c-1b.ntwk.msn.net (207.46.36.201) 124.372 ms 152.769 ms 147.232 ms
    18  po17.tuk-65ns-mcs-1b.ntwk.msn.net (207.46.35.146) 135.268 ms 86.068 ms 100.947 ms
    ...
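
The alias chain walked through in the message above can be checked mechanically. The following is an added example, not part of the original post: it parses the `host` output quoted in the message, follows the CNAMEs with loop protection, and checks the final addresses against the 207.46.0.0/16 block from the ARIN record. The function names are illustrative.

```python
import ipaddress
import re

# Output of `host thesource.ofallevil.com`, copied from the message above.
HOST_OUTPUT = """\
thesource.ofallevil.com is an alias for www.microsoft.com.
www.microsoft.com is an alias for toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net is an alias for g.www.ms.akadns.net.
g.www.ms.akadns.net is an alias for lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net has address 207.46.193.254
lb1.www.ms.akadns.net has address 207.46.192.254
lb1.www.ms.akadns.net has address 207.46.19.190
lb1.www.ms.akadns.net has address 207.46.19.254
"""

ALIAS_RE = re.compile(r"^(\S+) is an alias for (\S+?)\.?$")
ADDR_RE = re.compile(r"^(\S+) has address (\S+)$")


def parse_host_output(text):
    """Return (cname_map, address_map) built from `host` output lines."""
    cnames, addrs = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := ALIAS_RE.match(line):
            cnames[m.group(1).lower()] = m.group(2).lower()
        elif m := ADDR_RE.match(line):
            addrs.setdefault(m.group(1).lower(), []).append(
                ipaddress.ip_address(m.group(2)))
    return cnames, addrs


def resolve_chain(name, cnames, addrs, max_depth=16):
    """Follow CNAMEs from name; return (chain, addresses). Rejects loops."""
    chain = [name.lower()]
    while chain[-1] in cnames:
        nxt = cnames[chain[-1]]
        if nxt in chain or len(chain) >= max_depth:
            raise ValueError(f"CNAME loop or chain too long at {nxt}")
        chain.append(nxt)
    return chain, addrs.get(chain[-1], [])


def audit(name, text, expected_net):
    """Report the alias chain and any final address outside expected_net."""
    chain, ips = resolve_chain(name, *parse_host_output(text))
    net = ipaddress.ip_network(expected_net)
    outside = [str(ip) for ip in ips if ip not in net]
    return {"chain": chain, "addresses": [str(i) for i in ips], "outside": outside}
```

Calling `audit("thesource.ofallevil.com", HOST_OUTPUT, "207.46.0.0/16")` returns the five-name chain, the four addresses, and an empty `outside` list.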