Problem with mail - hijacked DNS

From: Peter Ross <Peter.Ross(at)alumni.tu-berlin.de>
Date: Fri, 11 Nov 2005 15:43:21 +1100 (EST)

Hi folks,

I have something odd here... can anyone make sense of it?

I was unable to send a mail to lists.fitug.de:

-------- Original Message --------
Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System <Mailer-Daemon(at)mail.zrz.tu-berlin.de>
Date: Fri, 11.11.2005, 14:19
To: Peter.Ross(at)alumni.tu-berlin.de

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:

  debate(at)lists.fitug.de
    SMTP error from remote mail server after RCPT
TO:<debate(at)lists.fitug.de>:
 host lists.fitug.de [81.169.156.174]:
550 5.7.1 <debate(at)lists.fitug.de>... recipient denied, because MX
100 'mail.zrz.tu-berlin.de.' [130.149.4.15] for
<Peter.Ross(at)alumni.tu-berlin.de> rejected address saying
"Exploitable Server See:
http://www.sorbs.net/lookup.shtml?81.169.156.174."
------------------------------------------------------------------

okay, so let me take a look at the web page:

Address and Port: 81.169.156.174
Record Created: Wed Oct 19 17:57:27 2005 GMT
Record Updated: Sun Oct 23 11:51:39 2005 GMT
Additional Information: Likely Trojaned Machine, host running unknown trojan
Currently active and flagged to be published in DNS
If you wish to request a delisting please do so through the Support System.

Hmm. That is the address of lists.fitug.de (not of tu-berlin.de, as I
first thought):

> lists.fitug.de
Name: lists.fitug.de
Address: 81.169.156.174
> set type=NS
> fitug.de
Server: syst.nre.vic.gov.au
Address: 157.128.80.37

Non-authoritative answer:
fitug.de nameserver = ns4.DNS.Space.Net
fitug.de nameserver = ns.Space.Net
fitug.de nameserver = ns3.DNS.Space.Net

Authoritative answers can be found from:
ns4.DNS.Space.Net IPv6 address = 2001:608::1000:16
ns4.DNS.Space.Net IPv6 address = 2001:608::4
ns4.DNS.Space.Net internet address = 194.97.129.1
ns.Space.Net internet address = 195.30.0.10
ns3.DNS.Space.Net internet address = 193.149.44.49

Fine.
Reverse lookup:
> 81.169.156.174
Name: xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de
Address: 81.169.156.174
> set type=NS
> 156.169.81.in-addr.arpa
Non-authoritative answer:
156.169.81.in-addr.arpa nameserver = ns.rz-ip.net
156.169.81.in-addr.arpa nameserver = ns2.rz-ip.net

Authoritative answers can be found from:
156.169.81.in-addr.arpa nameserver = ns2.rz-ip.net
156.169.81.in-addr.arpa nameserver = ns.rz-ip.net
ns.rz-ip.net internet address = 81.169.163.39
ns2.rz-ip.net internet address = 81.169.148.40
> server 81.169.163.39
> set type=PTR
> 81.169.156.174
Server: ns.rz-ip.net
Address: 81.169.163.39

174.156.169.81.in-addr.arpa name =
xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de
156.169.81.in-addr.arpa nameserver = ns.rz-ip.net
156.169.81.in-addr.arpa nameserver = ns2.rz-ip.net
ns.rz-ip.net internet address = 81.169.163.39
ns2.rz-ip.net internet address = 81.169.148.40

okay, the reverse lookup has been hijacked.

Finally:

> set type=NS
> xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de
Non-authoritative answer:
xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de nameserver =
ns2.namespace4you.de
xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de nameserver =
ns.namespace4you.de

Authoritative answers can be found from:
xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de nameserver =
ns2.namespace4you.de
xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de nameserver =
ns.namespace4you.de
ns2.namespace4you.de internet address = 193.223.77.3
ns.namespace4you.de internet address = 80.67.16.124

Hmm. Where exactly was something hacked here, and what is the point of the whole thing?

I would really like to understand this...

Regards,
Peter

To Unsubscribe: send mail to majordomo(at)de.FreeBSD.org
with "unsubscribe de-bsd-questions" in the body of the message
Received on Fri 11 Nov 2005 - 05:44:04 CET
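An added example, not part of the post or the list archive: a small Python script that automates the checks the poster ran by hand with nslookup (reverse name, PTR, forward-confirmed reverse DNS, the DNSBL query name an MTA would build) and also decodes the punycode PTR name so one can see what the IDN actually reads. It replays the answers quoted above from a constructed table so it runs offline; the IDN name's A record (assumed absent) and the DNSBL zone `dnsbl.example` are placeholders, not the real data or SORBS's zone.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

Resolver = Callable[[str, str], List[str]]

# Constructed answer table replaying the nslookup session quoted in the post.
# The IDN name's A record is not in the post and is assumed to be absent here;
# swap in a real resolver (e.g. dnspython) to run the same checks live.
RECORDED: Dict[Tuple[str, str], List[str]] = {
    ("lists.fitug.de", "A"): ["81.169.156.174"],
    ("174.156.169.81.in-addr.arpa", "PTR"):
        ["xn--abcdefghijklmnopqrstuvwxyzss-vnc45c5f.de"],
}

def recorded_resolver(name: str, rtype: str) -> List[str]:
    return RECORDED.get((name.lower().rstrip("."), rtype), [])

def reverse_name(ip: str) -> str:
    """in-addr.arpa owner name for an IPv4 address (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer

def decode_idn(name: str) -> str:
    """Turn an ACE (xn--) name into the Unicode name a user would see."""
    return name.encode("ascii").decode("idna")

def fcrdns(ip: str, resolve: Resolver = recorded_resolver) -> Tuple[List[str], List[str]]:
    """Forward-confirmed reverse DNS: every PTR name should carry an A record
    pointing back at ip. Returns (all PTR names, the confirmed subset)."""
    ptrs = [p.rstrip(".") for p in resolve(reverse_name(ip), "PTR")]
    confirmed = [p for p in ptrs if ip in resolve(p, "A")]
    return ptrs, confirmed

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Owner name an MTA queries to test ip against a DNS blocklist zone.
    The zone passed in below is a placeholder, not SORBS's real zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def diagnose(host: str, resolve: Resolver = recorded_resolver) -> Dict[str, object]:
    ips = resolve(host, "A")
    report: Dict[str, object] = {"host": host, "ips": ips}
    for ip in ips:
        ptrs, ok = fcrdns(ip, resolve)
        report[ip] = {"ptr": ptrs,
                      "ptr_unicode": [decode_idn(p) for p in ptrs],
                      "fcrdns_ok": bool(ok),
                      "dnsbl_query": dnsbl_query_name(ip, "dnsbl.example")}
    return report

if __name__ == "__main__":
    for key, value in diagnose("lists.fitug.de").items():
        print(key, value)
```

A failed FCrDNS check like the one this replays is exactly what makes a receiving MTA distrust a host, independent of any blocklist entry.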
