[Dshield] Domain Name Front Running

Jason D. Montgomery jason at atgi.com
Tue Jan 8 23:15:18 GMT 2008


Not sure if this was posted - showed up on /. today
 
Domain Registrar Network Solutions Front Running On Whois Searches
http://www.domainnamenews.com/featured/domain-registrar-network-solutions-front-running-on-whois-searches/1359
 
 
later,
jason
Jason Montgomery
Sr. Software Specialist/Security Specialist, ATGi <http://www.atgi.com/> 
jason at atgi.com
http://www.linkedin.com/in/jmonty

CISSP, GNET, MCAD, MCSA
2550 Corporate Exchange Dr.
Suite 20
Columbus, Ohio 43231 USA
E8548FA88CABD7C170F36AA7AB23E536

 

________________________________

From: list-bounces at lists.dshield.org on behalf of John Draper
Sent: Wed 1/2/2008 2:40 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Domain Name Front Running



Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- Tom <dshield at oitc.com> wrote:
>
>  
>> At 6:36 PM +0000 12/29/07, Paul Ferguson wrote:
>>    
>>> YMMV: My experience has been pretty positive with the RIR WHOIS
>>> data. :-)
>>
>> In that case can you sprinkle your pixie dust and locate a valid
>> contact that will do something about 216.244.139.206?  This is a
>> REALLY infected IP that has been infected by various trojans (I
>> actually think the various gangs are warring over who 0n3s it) for
>> over a year.
>
>
> Well, identifying who has been allocated the prefix, and getting
> someone to respond are obviously two different things. :-)
>  
A tip - when sending reports, do it in Spanish or in whatever
language is spoken by whoever administers that IP or upstream reporter.

That's always the problem, because Chinese ISPs will usually
take spam reports in English and pipe them to /dev/null.

I've gotten really good results when I send my reports in the native
language spoken by whoever administers the IP block.

Translators are OK, but get a native speaker (or writer) to compose the
report for you.

John