MX Record/DNS help needed

Michael Kjorling michael at kjorling.com
Fri Jun 29 12:48:10 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, you are in deep trouble. I would rebuild that machine from
scratch right away, this time with some decent protection.


Michael Kjörling


On Jun 28 2001 13:38 -0700, BCC wrote:

>
> Len Conrad wrote:
>
> > >nextproteins.com.               IN NS
> > >webserver.nextproteins.com.
> >
> > the preceding line is illegal, there's no rtype or rdata fields
> >
> > Here are your delegation records from the .com parent:
> >
> > mgw1# dig @a.gtld-servers.net nextproteins.com ns
> >
>
> <snip>
>
> >
> >
> > info is above;
> >
> > hint is:  your zone data and delegation is a mess.  :)))
> >
> > Len
>
> Sounds bad.  Well, considering that I am a software engineer and not a
> sysadmin, looks like I need a detailed low level crash course on how to set
> this stuff up.  Any suggestions on where to go?
>
> Also, I noticed something very strange that maybe someone could postulate a
> suggestion on...
> Some factoids....
> 1. On this machine there are two accounts, reap and iago, nobody in the
> nextproteins IS dept knows who they are.
>
> 2. The old sysadmin apparently went back to Canada some time ago, so this
> box has been unadministered until yesterday, when I opened it and started
> poking around.
>
> 3. Len's DIG shows reap.soulinjection.com as NS on nextproteins.com (I
> think).   The ip address from dig and nslookup is 24.5.172.3.
> 24.5.172.3 was the nameserver address I initially found in /etc/resolv.conf,
> I can't ping it.
>
> 4. Doing dig on reap.soulinjection.com shows NS of tcserver.gibfest.org.
>
> Curious, I went to www.soulinjection.com, and lo and behold on the front
> page is a news post from 'reap'  about 'My bud iAgo just finished his hax0r
> project' some webcam.  The link to that site is (you guessed it)
> www.gibfest.com.
>
> As if this wasn't strange enough, on www.soulinjection.com, Next Nutrition.
> Inc is listed as a client... and www.nextnutrition.com maps to
> www.nextproteins.com.
>
> Any thoughts besides HACKED! on this?  Am I being paranoid?
> Thanks!
> Bryan
>
>

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7PHkOKqN7/Ypw4z4RApj/AJoDJNOS2/A2LUNNqAtbBUcWdUnrQwCeJBq5
GMFpB8PrGMtPZUOhg8KBTdU=
=YBtl
-----END PGP SIGNATURE-----
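
The delegation check discussed in this thread (asking the parent zone which nameservers it hands out and noticing one nobody recognises) can be scripted. The following is an added example, not part of the original message: `SAMPLE` is constructed text in dig's output format (not the snipped output), and the expected nameserver set, the 192.0.2.10 address and the function names are assumptions.

```python
# Added example: audit the NS set a parent zone returns for a domain.
# SAMPLE is constructed for illustration; it is not the dig output from the thread.
SAMPLE = """\
;; AUTHORITY SECTION:
nextproteins.com.           172800 IN NS webserver.nextproteins.com.
nextproteins.com.           172800 IN NS reap.soulinjection.com.

;; ADDITIONAL SECTION:
webserver.nextproteins.com. 172800 IN A  192.0.2.10
reap.soulinjection.com.     172800 IN A  24.5.172.3
"""


def parse_records(dig_text):
    """Return (owner, rtype, rdata) tuples from dig's presentation format."""
    records = []
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's comment/section lines
        fields = line.split()
        # Expected layout: owner ttl class type rdata...
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        records.append((fields[0].lower(), fields[3].upper(),
                        " ".join(fields[4:]).lower()))
    return records


def audit_delegation(dig_text, zone, expected_ns):
    """List delegated nameservers that are not in the operator's expected set."""
    zone = zone.lower().rstrip(".") + "."
    expected = {n.lower().rstrip(".") + "." for n in expected_ns}
    records = parse_records(dig_text)
    glue = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    findings = []
    for owner, rtype, rdata in records:
        if owner != zone or rtype != "NS" or rdata in expected:
            continue
        # A nameserver outside the zone is controlled by whoever runs that domain.
        in_zone = rdata == zone or rdata.endswith("." + zone)
        findings.append({"ns": rdata, "in_zone": in_zone,
                         "addresses": glue.get(rdata, [])})
    return findings
```

Any entry returned means the registrar-side delegation names a server the zone's operators did not list, which is a registrar record to correct in addition to rebuilding the host.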



