mersenneforum.org DNS Hijack (moved from Server problems thread)

2012-05-17, 20:44   #2
chalsall
If I May

"Chris Halsall"
Sep 2002

3·5·739 Posts

Quote:
 Originally Posted by c10ck3r Rec'd this from the ABA, thought I'd warn the powers that be.
I'm not entirely sure that's true. But then again, I wouldn't be surprised.

I personally do not trust OpenDNS. I don't like the fact they answer authoritatively for domains which don't exist; covered with ads.

Google's DNS servers at least will say when they don't know the answer. 8.8.8.8 and 8.8.4.4.

Or, you can simply run your own DNS servers, and talk to the root servers.

2012-05-17, 21:26   #3
c10ck3r

Aug 2010
Kansas

10438 Posts

Quote:
 Originally Posted by chalsall I'm not entirely sure that's true. But then again, I wouldn't be surprised. (Snip snip)
Well, I assure you it was from the American Banking Association, who forwarded it to my employer (a member bank).
The FBI link is legit, and I made sure by accessing via the generic fbi.gov site before posting.

 2012-05-17, 22:06 #4 Dubslow Basketry That Evening!     "Bunslow the Bold" Jun 2011 40
2012-05-17, 22:54   #5
chalsall
If I May

"Chris Halsall"
Sep 2002

3×5×739 Posts

Quote:
 Originally Posted by c10ck3r Well, I assure you it was from the American Banking Association, who forwarded it to my employer (a member bank). The FBI link is legit, and I made sure by accessing via the generic fbi.gov site before posting.
OK.

My issue is I don't like how OpenDNS deals with resolution of domains which don't exist. According to RFC 2606, when a domain name server doesn't know the answer to a question, it should say so.

OpenDNS answers all DNS queries; those it doesn't know about it answers with the IP of a web server which starts with ads.

For example, from the Unix, first querying OpenDNS:

Code:
[chalsall@burrow ~]$ dig @208.67.220.220 thisshouldnotresolve.com

; <<>> DiG 9.8.2-RedHat-9.8.2-1.fc15 <<>> @208.67.220.220 thisshouldnotresolve.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16219
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;thisshouldnotresolve.com.	IN	A

;; ANSWER SECTION:
thisshouldnotresolve.com.	0	IN	A	67.215.65.132

Then, asking Google's DNS:

Code:
[chalsall@burrow ~]$ dig @8.8.8.8 thisshouldnotresolve.com

; <<>> DiG 9.8.2-RedHat-9.8.2-1.fc15 <<>> @8.8.8.8 thisshouldnotresolve.com
; (1 server found)
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34873
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thisshouldnotresolve.com.	IN	A

;; AUTHORITY SECTION:
com.			819	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1337294775 1800 900 604800 86400
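
The NOERROR-versus-NXDOMAIN difference in the two dig outputs above can be checked programmatically. The following is an added example, not part of the original post: it parses DNS replies in wire format and flags a resolver that answers for a name known not to exist. The two replies are constructed to mirror the dig outputs, and the function names are illustrative.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Return (rcode name, A-record addresses found in the answer section)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):               # question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), addrs

def classify(msg):
    """Verdict on a reply to a query for a name that is known not to exist."""
    rcode, addrs = parse_response(msg)
    if rcode == "NXDOMAIN":
        return "honest"
    if rcode == "NOERROR" and addrs:
        return "rewritten -> " + ",".join(addrs)
    return "inconclusive (" + rcode + ")"

# Constructed replies mirroring the two dig outputs in the post (not captures);
# the SOA record in the NXDOMAIN reply's authority section is left out.
Q = encode_name("thisshouldnotresolve.com") + struct.pack("!HH", 1, 1)
REWRITTEN = (struct.pack("!6H", 16219, 0x8180, 1, 1, 0, 0) + Q + b"\xc0\x0c"
             + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton("67.215.65.132"))
HONEST = struct.pack("!6H", 34873, 0x8183, 1, 0, 0, 0) + Q
```
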

2012-05-17, 23:57   #6
bcp19

Oct 2011

7×97 Posts

Quote:
 Originally Posted by Dubslow This isn't the first time I've heard about this; the FBI has been issuing warnings via various methods (including the news, I believe) for at least 6 months now. That's why I had no trouble believing this.
I read something on this quite a while back, but it seemed most people didn't want to trust the FBI link, mainly due to paranoia about them finding stuff on their systems lol.

2012-05-18, 03:30   #7

"Kieren"
Jul 2011
In My Own Galaxy!

2×3×1,693 Posts

Quote:
 Originally Posted by bcp19 I read something on this quite a while back, but it seemed most people didn't want to trust the FBI link, mainly due to paranoia about them finding stuff on their systems lol.
That, and I have gotten quite a few phishing-type emails which claim to be from the FBI, as well as from Hillary Clinton, and the usual Russian Oil Tycoons' Widows, HRM The Queen of England, and Nigerian Bankers. And besides, c10ck3r did verify the source. That does leave aside the question of how much faith you want to put into government pronouncements of the scary sort.

I'll try to gather some of my collection of amusing bogus emails and post them over at The Lounge, or wherever that thread is.

Last fiddled with by kladner on 2012-05-18 at 03:31

2012-05-18, 04:11   #8
bcp19

Oct 2011

7×97 Posts

Quote:
 Originally Posted by kladner That, and I have gotten quite a few phishing-type emails which claim to be from the FBI, as well as from Hillary Clinton, and the usual Russian Oil Tycoons' Widows, HRM The Queen of England, and Nigerian Bankers. And besides, c10ck3r did verify the source. That does leave aside the question of how much faith you want to put into government pronouncements of the scary sort. I'll try to gather some of my collection of amusing bogus emails and post them over at The Lounge, or wherever that thread is.
If I were in the affected group, I would not hesitate to use the FBI assist as I would simply go to the FBI website and look it up there rather than use an email link. Since I get dozens of PayPal alerts a month telling me that if I don't respond my account will be locked, I am used to not clicking email links (unless I am feeling ornery then I use a username like ^$()*&#(^$ or @^$^@$^@ and the email stickit@yourrear.com). Then there's the millions I fail to collect from all my little-known relatives who have died in Africa and I've probably lost over a billion dollars so far. God, I must be crazy ;)

2012-05-18, 05:14   #9
LaurV
Romulan Interpreter

"name field"
Jun 2011
Thailand

3×23×149 Posts

That's bull. Especially the part with "access to a second computer to dld antivirus software". You should have a good sleep and do nothing about it. To avoid any later remorse, you can eventually take ESET's NOD32 from the web, is free for 30 days (and you can reinstall it every 30 days, if you can't afford 25 bucks per year per 3 computers). It is the best on the market since 12 years (most VB100 awards), according to Virus Bulletin, I am using it for more than 16 years (licensed) without any headache in all this time, it is faster than all competitors who can rival at strengths and much stronger than all the others who can't. It has one of the best heuristics I saw (I know what I am talking about, I did thousands of tests, and I proudly own a "small virus collection" with over 30 thousands virus families).

2012-05-18, 05:34   #10
PageFault

Aug 2002
Dawn of the Dead

5×47 Posts

How about responsible use of the intarweb ... 25 years here, only 1 virus, which was removed as a still dormant trojan ... that was 12 years ago. Any time you see "click hear for free money / pr0n / whatever", head for the hills ... Symantec does it for the rest ...
 2012-05-18, 06:02 #11 Dubslow Basketry That Evening!     "Bunslow the Bold" Jun 2011 40
