[unisog] Problems with EDU.COM domain

Haeusser, Jens jens.haeusser at ubc.ca
Thu Mar 23 23:20:40 GMT 2006


I see a generic page no matter what URL I use. Perhaps the site is presenting content based on the originating IP of the http connection (ie Morrow sees a yale.edu.com page when looking at www.yale.edu.com since his reverse lookup points to yale.edu), rather than just the URL.
 
Jens Haeusser
Chief Information Security Officer
University of British Columbia
 

________________________________

From: unisog-bounces at lists.sans.org on behalf of H. Morrow Long
Sent: Thu 23/03/2006 1:15 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Problems with EDU.COM domain


As well as anything at zzz.edu.com such as XXX.ZZZ.EDU.COM 

They all resolve to the same IP for me (65.36.156.42).

Thing is, if you use a name it recognizes (www.yale.edu.com)
it presents a Yale University specific web page.  If you use a 
name it doesn't ( http://xxx.zzz.edu.com/ ) you just get a 
generic advertising page.

- H. Morrow Long, CISSP, CISM, CEH

  University Information Security Officer

  Director -- Information Security Office

  Yale University, ITS






On Mar 23, 2006, at 3:37 PM, David Lundy wrote:


	It looks like a wild card.  Things like zzz.edu.com resolve.

	David Lundy
	Acting IT Security Officer
	University of the Pacific


				YorkJ at brcc.edu 03/23/06 11:09 AM >>>

	Wow, even lowly community colleges are listed in the phishing sites
	edu.com.  They must have copied the entire .edu domain.  I just called
	Educause (.edu registrar) to let them know about it--the lady I talked
	to hadn't seen it yet, but promised to send the info to their
	management.
	Thanks
	John

	John York
	Network Engineer
	Blue Ridge Community College


	_______________________________________________
	unisog mailing list
	unisog at lists.sans.org 
	http://www.dshield.org/mailman/listinfo/unisog
	_______________________________________________
	unisog mailing list
	unisog at lists.sans.org
	http://www.dshield.org/mailman/listinfo/unisog


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 7134 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20060323/71606ca7/attachment.bin


More information about the unisog mailing list