Re: strange DNS lookup

From: Nicholas DePetrillo <nick_usenet@xxxxxxxxxx>
Date: Wed, 01 Feb 2006 16:52:19 -0500

On Wed, 01 Feb 2006 22:34:41 +0100, Jacob Kristensen wrote:

> 
> Could somebody help me explain this:
> $ dig @194.239.10.41 www.8ingatlan.hu
> 
> ; <<>> DiG 9.3.1 <<>> @194.239.10.41 www.8ingatlan.hu
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29943
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;www.8ingatlan.hu.              IN      A
> 
> ;; ANSWER SECTION:
> www.8ingatlan.hu.       41085   IN      A       192.168.0.1
> 
> ;; Query time: 172 msec
> ;; SERVER: 194.239.10.41#53(194.239.10.41)
> ;; WHEN: Wed Feb  1 22:25:57 2006
> ;; MSG SIZE  rcvd: 50
> 
> 
> The 194.239.10.41 is the IP of my ISP's DNS server. I wonder why that name
> resolves to 192.168.0.1, shouldn't that be a RFC1918 reserved adress by
> IANA? A friend of mine with a different ISP gets the same result using the
> DNS server of his ISP.
> 
> kind regards
> Jacob Kristensen

Your correct in that 192.168 is an RFC1918 reserved address but it does
not stop anyone from simply just making www.8ingatlan.hu resolve to
anything they want.

For example:
 
badrfc          IN      A       192.168.1.45

Throw that in a domain zone file in BIND and you've got it.

Now why they would do this is anyones guess. Could be malicious tricks?
What exactly is www.8ingatlan.hu?

-- 
Nick DePetrillo
Network Security Engineer
OSHEAN
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x121245B5

.

Follow-Ups:
- Re: strange DNS lookup
  - From: Jacob Kristensen

References:
- strange DNS lookup
  - From: Jacob Kristensen

Prev by Date: strange DNS lookup
Next by Date: Re: strange DNS lookup
Previous by thread: strange DNS lookup
Next by thread: Re: strange DNS lookup
Index(es):
- Date
- Thread

Relevant Pages

Re: How do I get default service change to stay
... PITA - this is anti server behaviour by your ISP. ... If their ISP did not have these security> requirements, I would be using the POP connector to retrieve email and the ... > My only problem has been that if the ISP service in the Outlook profile is> not the default account, outbound Internet email is sent to the Exchange> server, not to the ISP mail server. ...
(microsoft.public.windows.server.sbs)
RE: Exchange Issues
... The problem occuring was that SPA had been ticked in the POP3 connector ... > Email and Internet Connection Wizard) first. ... > email settings of the server. ... If you need to forward internet email to your ISP ...
(microsoft.public.windows.server.sbs)
Re: Why IP address is fixed everytime connected to the Internet?
... The ISP, the network card (i.e. MAC address??), or the ... Typically it is assigned by your ISP. ... from the ISP DHCP server. ... Some Internet connections are formed using PPP ...
(comp.os.linux.networking)
Re: Why IP address is fixed everytime connected to the Internet?
... The ISP, the network card (i.e. MAC address??), or the ... Typically it is assigned by your ISP. ... from the ISP DHCP server. ... Some Internet connections are formed using PPP ...
(microsoft.public.security)
Re: Anyone tri-homed SBS2003?
... Use your current ISP as a smarthost. ... You can probably setup the POP3 ... you think that is more expensive than DSL? ... >>not sending the email to just one server to ...
(microsoft.public.windows.server.sbs)