[unisog] Honeypot in Netherlands mirroring entire DNS structures for some .edu's

scott hollatz shollatz at d.umn.edu
Thu Nov 16 21:34:36 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Right, I saw that just after I sent the email... It's wildcard.
>
> Because of the sheer number of .edu's it's squatting on, and the wildcards
> I'm assuming malicious.  Best case, you have legit users typo'ing stuff
> (like say, SSH connections) and giving their password to someone else.
>
> So far there are about a dozen, I've found.
 	[stuff deleted]

And try other TLDs:

 	% dig +short ibm.cm
 	72.51.27.58

 	% dig +short cisco.cm
 	72.51.27.58

 	% dig +short microsoft.cm
 	72.51.27.58

- --
scott hollatz                                        net shollatz at d.UMn.eDu
information technology systems and services          tel +1 218 726 8851
university of minnesota duluth mn usa                fax +1 218 726 7674
                                                                          --
                                               "Asn aD ta zlAp em uT zt33rg"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iD8DBQFFXNly4og1WWfEVRsRAnqPAJsHr5KGVKt37Gfy8z1jZpxa3ZNpgwCgm3+E
uQfpPjPu1O0IE+QM335zry8=
=WaSX
-----END PGP SIGNATURE-----
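
One way to test for the wildcard behaviour the dig output in the message shows, as an added example that is not part of the original post: resolve a few random labels under the parent zone and flag any name whose answer is the same address. The function names, the `fake_resolve` stand-in and the `delegated.cm` / `192.0.2.10` entry are constructed for illustration; only the three `.cm` names and `72.51.27.58` come from the post.

```python
import secrets
import socket

def resolve_a(name):
    """IPv4 addresses for name; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def wildcard_addrs(zone, resolve=resolve_a, probes=3):
    """Addresses answered for random labels nobody would have registered."""
    addrs = set()
    for _ in range(probes):
        addrs |= resolve(f"wc-{secrets.token_hex(12)}.{zone}")
    return addrs

def classify(names, resolve=resolve_a, probes=3):
    """Label each name (two or more labels) 'nxdomain', 'wildcard' or 'distinct'."""
    cache, result = {}, {}
    for name in names:
        parent = name.rstrip(".").split(".", 1)[1]
        if parent not in cache:
            cache[parent] = wildcard_addrs(parent, resolve, probes)
        got = resolve(name)
        if not got:
            result[name] = "nxdomain"
        elif got <= cache[parent]:
            result[name] = "wildcard"   # same answer a random label gets
        else:
            result[name] = "distinct"   # has its own record
    return result

def fake_resolve(name):
    """Constructed offline stand-in for DNS (not real lookup results)."""
    if name == "delegated.cm":
        return {"192.0.2.10"}           # constructed: name with its own record
    if name.endswith(".cm"):
        return {"72.51.27.58"}          # wildcard address shown in the post
    return set()

if __name__ == "__main__":
    sample = ["ibm.cm", "cisco.cm", "microsoft.cm", "delegated.cm", "missing.example"]
    for name, verdict in classify(sample, resolve=fake_resolve).items():
        print(f"{name:16} {verdict}")
```

Dropping the `resolve=fake_resolve` argument makes the same functions query the system resolver instead of the constructed data.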

