nanog mailing list archives

Possible login/password grabbing ploy


From: Darryl Baker <dpb () concentric net>
Date: Mon, 11 May 1998 11:30:03 -0400 (EDT)

I have found that most of the common mis-spellings of our domain name
have been registered with the Internic by a company named Americaoffline. 
Examples:
        concentic.net
        concentri.net
        concnetric.net
        consentric.net

They have also grabbed other mis-spellings of popular domains.
Examples:
        aool.com
        bellsoth.com
        bellsuth.com
        hotmaiil.com
        mailexite.com
        pacbel.net
        spraynet.com

Originally I thought they were using these to build a bulk email list.
Then I found they have configured ftp addresses in each domain. This
will allow them to gather valid usernames and passwords anytime someone
makes a typo and tries to upload something to their ISP.

We have listed their servers as bogus in our DNS configuration for now
and are looking into other more complete solutions.

Bind 8.X configuration addition:
server 205.231.48.243 { bogus yes; };
server 205.231.48.244 { bogus yes; };
-- 
   __                      _     __                  Darryl Baker
  /  )                    //    /  )       /         Sr. Systems Engineer
 /  / __.  __  __  __  , //    /--<  __.  /_  _  __  For the Concentric Network
/__/_(_/|_/ (_/ (_/ (_/_</_   /___/_(_/|_/ <_</_/ (_ dpb () concentric net
                     /
                    '
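
Added example, not part of the original post: a small Python check that flags names in a list of observed registrations that sit one typing slip away from a domain you own, and labels the slip. The function names are hypothetical, the look-alike names are the ones quoted in the post, and the intended names paired with them (other than concentric.net) are inferred rather than stated in the post; example.org is a constructed non-match.

```python
def classify_typo(legit, seen):
    """Return the one-edit typo class turning `legit` into `seen`, else None."""
    legit, seen = legit.lower().rstrip("."), seen.lower().rstrip(".")
    if legit == seen:
        return None
    short = min(len(legit), len(seen))
    p = 0                                   # length of the common prefix
    while p < short and legit[p] == seen[p]:
        p += 1
    s = 0                                   # length of the common suffix past the prefix
    while s < short - p and legit[-1 - s] == seen[-1 - s]:
        s += 1
    a, b = legit[p:len(legit) - s], seen[p:len(seen) - s]   # the parts that differ
    if len(a) == 1 and not b:
        return "omission"
    if not a and len(b) == 1:
        return "doubled letter" if p and seen[p - 1] == b else "insertion"
    if len(a) == 1 and len(b) == 1:
        return "substitution"
    if len(a) == 2 and a == b[::-1]:
        return "transposition"
    return None                             # more than one edit apart


def find_lookalikes(protected, observed):
    """Map each observed name to (protected name, typo class) when one edit apart."""
    hits = {}
    for name in observed:
        for legit in protected:
            kind = classify_typo(legit, name)
            if kind:
                hits[name] = (legit, kind)
                break
    return hits


# Intended names: concentric.net is from the post, the rest are inferred (assumption).
PROTECTED = ["concentric.net", "aol.com", "bellsouth.com", "hotmail.com",
             "mailexcite.com", "pacbell.net", "sprynet.com"]
# Look-alikes quoted in the post, plus one constructed unrelated name.
OBSERVED = ["concentic.net", "concentri.net", "concnetric.net", "consentric.net",
            "aool.com", "bellsoth.com", "bellsuth.com", "hotmaiil.com",
            "mailexite.com", "pacbel.net", "spraynet.com", "example.org"]

if __name__ == "__main__":
    for name, (legit, kind) in find_lookalikes(PROTECTED, OBSERVED).items():
        print(f"{name:16} looks like {legit:16} ({kind})")
```
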

