[unisog] Honeypot in Netherlands mirroring entire DNS structures for some .edu's
shollatz at d.umn.edu
Thu Nov 16 21:34:36 GMT 2006
> Right, I saw that just after I sent the email... It's wildcard.
> Because of the sheer number of .edu's it's squatting on, and the wildcards
> I'm assuming malicious. Best case, you have legit users typo'ing stuff
> (like say, SSH connections) and giving their password to someone else.
> So far there are about a dozen, I've found.
And try other TLDs:
% dig +short ibm.cm
% dig +short cisco.cm
% dig +short microsoft.cm
scott hollatz net shollatz at d.UMn.eDu
information technology systems and services tel +1 218 726 8851
university of minnesota duluth mn usa fax +1 218 726 7674
"Asn aD ta zlAp em uT zt33rg"
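
An added example, not part of the original message: one way to tell a wildcard answer (as the thread reports for the `.cm` names) from a real registration is to resolve a few random labels under the same parent zone and compare addresses. The function names and the constructed resolver with its documentation-range addresses are assumptions made for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """IPv4 addresses for name via the OS resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return set()

def wildcard_addresses(zone, resolve=system_resolver, probes=3):
    """Addresses returned for every random label under zone (empty = no wildcard)."""
    common = None
    for _ in range(probes):
        # 24 random hex characters: a valid label that nobody has registered.
        addrs = resolve(f"{secrets.token_hex(12)}.{zone}")
        if not addrs:
            return set()  # a random name failed to resolve, so no wildcard
        common = addrs if common is None else common & addrs
    return common or set()

def classify(name, resolve=system_resolver):
    """Return 'nxdomain', 'wildcard' or 'registered' for a name like 'ibm.cm'."""
    answer = resolve(name)
    if not answer:
        return "nxdomain"
    zone = name.partition(".")[2]  # parent zone, e.g. 'cm'
    wild = wildcard_addresses(zone, resolve)
    # The same address for the name and for random siblings means the answer
    # is synthesized by a wildcard record, not a per-name registration.
    return "wildcard" if answer & wild else "registered"

def constructed_resolver(name):
    """Constructed sample data: every *.cm name gets one address, .com is normal."""
    if name.endswith(".cm"):
        return {"192.0.2.10"}
    return {"ibm.com": {"198.51.100.7"}}.get(name, set())

if __name__ == "__main__":
    for n in ("ibm.cm", "cisco.cm", "ibm.com", "nosuchname.com"):
        print(n, classify(n, constructed_resolver))
```

Calling `classify(name)` without the second argument uses the operating system's resolver instead of the constructed data.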