|
Message
From: Johnathan Corgan<jcorgan@a...>
Date: Tue Jul 27 02:35:18 CEST 2004
Subject: [oc] Did opencores.org get compromised?
On Monday 26 July 2004 04:27 pm, Austin Franklin wrote:> I can't get to opencores.org either...as you say, it redirects me to
> some spammer web site that should be shot and beaten.
Looks like it.
Right now, www.opencores.org resolves to 66.98.244.118
The web server at this IP address sends an immediate http redirect (302)
to qp.org, at 204.228.229.168.
This last IP address' reverse lookup is 168.anything.com, which is a
domain registered out of the Grand Cayman islands. Uh huh.
However, using a slightly different DNS lookup (via 'dig'),
www.opencores.org resolves to 193.189.173.98, which, when put into a
browser, is the real opencores website, running on the siol.net
network.
SO, what appears to have happened is the DNS record for opencores.org
has gotten spoofed somewhere to return the fake 204.228.229.168
address, but whoever did it didn't do a good enough job as I was able
to get the real IP address via a recursive look up. (Or something like
that...still scratching my head on all the DNS protocol traces.)
Anyway, the server itself appears to be fine, as you can see if you go
to http://193.189.173.98/
-Johnathan
|
 |
Browse
