hi,
i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
$ host kimble.org <caching-nameserver_or_different_nameservers>
kimble.org has address 127.0.0.1
do you get the same result?
http://www.sophos.com/virusinfo/analyses/w32blastere.html
* The registry entry used has been changed to HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Automation
* The target for the Distributed Denial-of-Service attack has been changed to kimble.org
* The internal message has been changed to "I dedicate this particular strain to me ANG3L - hope yer enjoying yerself and dont forget the promise for me B/DAY !!!!."

shrek-m@gmx.de wrote:
> hi,
> i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
> $ host kimble.org <caching-nameserver_or_different_nameservers>
> kimble.org has address 127.0.0.1
> do you get the same result?
> http://www.sophos.com/virusinfo/analyses/w32blastere.html
> B/DAY !!!!."

Me too
host kimble.org
kimble.org has address 127.0.0.1

On Thu, 28 Aug 2003 23:10:43 +0200, shrek-m@gmx.de wrote:
> i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
> $ host kimble.org <caching-nameserver_or_different_nameservers>
> kimble.org has address 127.0.0.1
> do you get the same result?

Try "host -a kimble.org". Misconfigured nameserver.

Michael Schwendt wrote:
> > i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
> > $ host kimble.org <caching-nameserver_or_different_nameservers>
> > kimble.org has address 127.0.0.1
> > do you get the same result?
> Try "host -a kimble.org". Misconfigured nameserver.

i must be blind. where can i find "Misconfigured nameserver" ??

$ host -a kimble.org
Trying "kimble.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57011
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;kimble.org. IN ANY

;; ANSWER SECTION:
kimble.org. 81645 IN A 127.0.0.1
kimble.org. 81645 IN NS ns1.dnsresolve.net.
kimble.org. 81645 IN NS ns2.dnsresolve.net.

;; AUTHORITY SECTION:
kimble.org. 81645 IN NS ns1.dnsresolve.net.
kimble.org. 81645 IN NS ns2.dnsresolve.net.

;; ADDITIONAL SECTION:
ns1.dnsresolve.net. 168044 IN A 193.254.184.231
ns2.dnsresolve.net. 168044 IN A 193.254.185.231

Received 154 bytes from 127.0.0.1#53 in 21 ms

$ host 217.5.99.105
105.99.5.217.in-addr.arpa domain name pointer www-proxy.OG1.srv.t-online.de.

$ host -a kimble.org 217.5.99.105
Trying "kimble.org"
Using domain server:
Name: 217.5.99.105
Address: 217.5.99.105#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33516
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;kimble.org. IN ANY

;; ANSWER SECTION:
kimble.org. 40638 IN A 127.0.0.1
kimble.org. 40638 IN NS ns2.dnsresolve.net.
kimble.org. 40638 IN NS ns1.dnsresolve.net.

;; AUTHORITY SECTION:
kimble.org. 40638 IN NS ns1.dnsresolve.net.
kimble.org. 40638 IN NS ns2.dnsresolve.net.

Received 122 bytes from 217.5.99.105#53 in 62 ms

$ host 194.25.2.129
129.2.25.194.in-addr.arpa domain name pointer dns03.btx.dtag.de.

$ host -a kimble.org 194.25.2.129
Trying "kimble.org"
Using domain server:
Name: 194.25.2.129
Address: 194.25.2.129#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16862
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;kimble.org. IN ANY

;; ANSWER SECTION:
kimble.org. 54778 IN A 127.0.0.1
kimble.org. 69169 IN NS ns1.dnsresolve.net.
kimble.org. 69169 IN NS ns2.dnsresolve.net.

;; AUTHORITY SECTION:
kimble.org. 69169 IN NS ns2.dnsresolve.net.
kimble.org. 69169 IN NS ns1.dnsresolve.net.

;; ADDITIONAL SECTION:
ns1.dnsresolve.net. 84807 IN A 193.254.184.231

Received 138 bytes from 194.25.2.129#53 in 76 ms

$ host 198.41.0.4
4.0.41.198.in-addr.arpa domain name pointer a.root-servers.net.

$ host -a kimble.org 198.41.0.4
Trying "kimble.org"
Using domain server:
Name: 198.41.0.4
Address: 198.41.0.4#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18856
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 11, ADDITIONAL: 11

;; QUESTION SECTION:
;kimble.org. IN ANY

;; AUTHORITY SECTION:
org. 172800 IN NS A7.NSTLD.COM.
org. 172800 IN NS L7.NSTLD.COM.
org. 172800 IN NS G7.NSTLD.COM.
org. 172800 IN NS F7.NSTLD.COM.
org. 172800 IN NS M5.NSTLD.COM.
org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS J5.NSTLD.COM.
org. 172800 IN NS I5.NSTLD.COM.
org. 172800 IN NS C5.NSTLD.COM.
org. 172800 IN NS E5.NSTLD.COM.

;; ADDITIONAL SECTION:
A7.NSTLD.COM. 172800 IN A 192.5.6.36
L7.NSTLD.COM. 172800 IN A 192.41.162.36
G7.NSTLD.COM. 172800 IN A 192.42.93.36
F7.NSTLD.COM. 172800 IN A 192.35.51.36
M5.NSTLD.COM. 172800 IN A 192.55.83.34
TLD1.ULTRADNS.NET. 172800 IN A 204.74.112.1
TLD2.ULTRADNS.NET. 172800 IN A 204.74.113.1
J5.NSTLD.COM. 172800 IN A 192.48.79.34
I5.NSTLD.COM. 172800 IN A 192.43.172.34
C5.NSTLD.COM. 172800 IN A 192.26.92.34
E5.NSTLD.COM. 172800 IN A 192.12.94.34

Received 416 bytes from 198.41.0.4#53 in 406 ms

On Fri, 29 Aug 2003 00:07:45 +0200, shrek-m@gmx.de wrote:
> > > i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
> > > $ host kimble.org <caching-nameserver_or_different_nameservers>
> > > kimble.org has address 127.0.0.1
> > > do you get the same result?
> > Try "host -a kimble.org". Misconfigured nameserver.
> i must be blind. where can i find "Misconfigured nameserver" ??
> $ host -a kimble.org
> Trying "kimble.org"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57011
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUESTION SECTION:
> ;kimble.org. IN ANY
> ;; ANSWER SECTION:
> kimble.org. 81645 IN A 127.0.0.1

Right here, in the line above.

On Thursday 28 August 2003 14:10, shrek-m@gmx.de wrote:
> hi,
> i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
> $ host kimble.org <caching-nameserver_or_different_nameservers>
> kimble.org has address 127.0.0.1
> do you get the same result?

Looks like somebody is playing cutezie with the kimble.org domain to prevent a lot of extra traffic from hitting the network. Rather interesting way to block a DDoS, but the result is kimble.org is still inaccessible. Was kimble.org EVER accessible?

On Thu, 28 Aug 2003, Jesse Keating wrote:
> Looks like somebody is playing cutezie with the kimble.org domain to prevent a lot of extra traffic from hitting the network. Rather interesting way to block a DDoS, but the result is kimble.org is still inaccessible. Was kimble.org EVER accessible?

It's one very effective way to stop it though, good call by the zone admin. The site used to be there, but Google reports it only saying:

  Showing web page information for kimble.org
  KIMBLE rulez! xxx

... Sounds like 1 script kiddie pissed off another perhaps :)

On Thu, 28 Aug 2003 15:09:49 -0700, Jesse Keating wrote:
> Looks like somebody is playing cutezie with the kimble.org domain to prevent a lot of extra traffic from hitting the network. Rather interesting way to block a DDoS, but the result is kimble.org is still inaccessible. Was kimble.org EVER accessible?

Probably the same as www.kimble.org which still works.

On Thu, Aug 28, 2003 at 11:10:43PM +0200, shrek-m@gmx.de wrote:
> i am a little bit confused. i get always "127.0.0.1" with host, dig, nslookup for "kimble.org"
> $ host kimble.org <caching-nameserver_or_different_nameservers>
> kimble.org has address 127.0.0.1
> do you get the same result?
[snip]
> - The target for the Distributed Denial-of-Service attack has been changed to kimble.org

There's no mystery here. The people who own kimble.org don't want to be DoS'ed, so they changed the target name to point at local host, so that each infected machine only attacks itself.
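
Added example, not part of any message in the thread: a small Python check that reads the ANSWER sections posted above and reports whether every resolver returns the same loopback A record, which separates a record published in the zone from a single poisoned cache or local override. The function names and verdict strings are assumptions made for this illustration.

```python
import ipaddress
import re

# ANSWER sections abridged from the `host -a` output posted in the thread,
# keyed by the resolver that was queried.
RESPONSES = {
    "127.0.0.1": ";; ANSWER SECTION:\nkimble.org. 81645 IN A 127.0.0.1\n"
                 "kimble.org. 81645 IN NS ns1.dnsresolve.net.\n",
    "217.5.99.105": ";; ANSWER SECTION:\nkimble.org. 40638 IN A 127.0.0.1\n"
                    "kimble.org. 40638 IN NS ns2.dnsresolve.net.\n",
    "194.25.2.129": ";; ANSWER SECTION:\nkimble.org. 54778 IN A 127.0.0.1\n"
                    ";; AUTHORITY SECTION:\nkimble.org. 69169 IN NS ns2.dnsresolve.net.\n",
}
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def a_records(text, name):
    """Return sorted A-record addresses for `name` from the ANSWER section only."""
    found, in_answer = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";;"):
            # Section headers switch parsing on or off.
            in_answer = "ANSWER SECTION" in line
            continue
        m = RR.match(line)
        if in_answer and m and m.group(3) == "A":
            if m.group(1).rstrip(".").lower() == name:
                found.append(m.group(4))
    return sorted(found)

def classify(responses, name):
    """Compare A records across resolvers and flag a loopback answer."""
    per_resolver = {r: a_records(t, name) for r, t in responses.items()}
    distinct = {tuple(v) for v in per_resolver.values()}
    addrs = {a for v in per_resolver.values() for a in v}
    if not addrs:
        return per_resolver, "no A record"
    if len(distinct) > 1:
        return per_resolver, "resolvers disagree"
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return per_resolver, "published record is loopback"
    return per_resolver, "routable"

if __name__ == "__main__":
    answers, verdict = classify(RESPONSES, "kimble.org")
    for resolver, addrs in answers.items():
        print(f"{resolver:15} -> {addrs}")
    print("verdict:", verdict)
```
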