Re: [cobalt-users] Possible Hack atempt?

[Brent Sims <brent@xxxxxxxxxxx>]

On Tue, 6 Jun 2000, Michael Zimmermann so wrote:

} > } Jun  4 06:40:25 dns named[389]: ns_forw: query(www.severns-archery.com)
} > } contains our address (TAO.HEREFORDSHIRE.COM:195.188.113.190)
} 
} What was that? Would you mind explaining, 
} what was tried to accomplished? And for what?
} 
} What kind of attack is this?

	As I recall, the original poster said that she/did not host
this domain and wanted to know if they had been hacked. Basically
anyone can use any name server on the Internet for the name server
in their domain registration. All they have to do is find the
information on a name server and use that information in their
domain registration. There's nothing anyone can do to stop them.

	Things are even worse for user's of granitecanyon.com's
service as once authority for a domain is assigned to a host, anyone
with the ability to write a zone file on that host can create zone
files for sub-domains of the domain.

	The message above simply says that someone or something
looked up www.severns-archery.com and it's claiming TAO.HERE... as
one of it's name servers but that TAO.HERE... doesn't know anything
about it. 

	Thus, based upon what the poster of the message said, and
the error message found in their logs, the people responsible for
www.severns-archery.com simply decided to use TA).HEREF... as their
name server without bothering to ask. They just went ahead and did
it.

	Thus, it's more of a rape than an attack.

	Peace be with you,
	
	Brent
	
	Brent Sims
	WebOkay Internet Services
	http://www.WebOkay.net
	Brent@xxxxxxxxxxx
	(719) 595-1427 (Voice/Fax)