[unisog] Problems with EDU.COM domain

Brad Judy Brad.Judy at colorado.edu
Fri Mar 24 00:14:20 GMT 2006


I see specific school pages for major schools like Harvard and ourselves
(colorado.edu.com), non-association pages from the ones given in an
earlier message in this thread, and generic pages for other words (e.g.
bob.edu.com).
 
Brad Judy
 
Information Technology Services
University of Colorado at Boulder


  _____  

From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Haeusser, Jens
Sent: Thursday, March 23, 2006 4:21 PM
To: UNIversity Security Operations Group
Subject: RE: [unisog] Problems with EDU.COM domain


I see a generic page no matter what URL I use. Perhaps the site is
presenting content based on the originating IP of the HTTP connection
(i.e., Morrow sees a yale.edu.com page when looking at www.yale.edu.com
since his reverse lookup points to yale.edu), rather than just the URL.
 
Jens Haeusser
Chief Information Security Officer
University of British Columbia
 

  _____  

From: unisog-bounces at lists.sans.org on behalf of H. Morrow Long
Sent: Thu 23/03/2006 1:15 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Problems with EDU.COM domain


As well as anything at zzz.edu.com such as XXX.ZZZ.EDU.COM 

They all resolve to the same IP for me (65.36.156.42).

Thing is, if you use a name it recognizes (www.yale.edu.com)
it presents a Yale University specific web page.  If you use a 
name it doesn't ( http://xxx.zzz.edu.com/ ) you just get a 
generic advertising page.

- H. Morrow Long, CISSP, CISM, CEH
  University Information Security Officer
  Director -- Information Security Office
  Yale University, ITS

On Mar 23, 2006, at 3:37 PM, David Lundy wrote:


It looks like a wild card.  Things like zzz.edu.com resolve.

David Lundy
Acting IT Security Officer
University of the Pacific


YorkJ at brcc.edu 03/23/06 11:09 AM >>>

Wow, even lowly community colleges are listed in the phishing sites
edu.com.  They must have copied the entire .edu domain.  I just called
Educause (.edu registrar) to let them know about it--the lady I talked
to hadn't seen it yet, but promised to send the info to their
management.
Thanks
John

John York
Network Engineer
Blue Ridge Community College


_______________________________________________
unisog mailing list
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog

