Re: Adobe's DNS record in Network Solutions' database has beenhijacked

Wed, 18 Oct 2000 23:59:55 -0700 

On Wed, 18 Oct 2000, Kit wrote:

> Adobe's DNS record in Network Solutions' database has been hijacked from
> someone in China!!!
> 
> Check it out:
> 
> http://www.networksolutions.com/cgi-bin/whois/whois?STRING=adobe.com
> 
> Please don't laugh.

Funny enough, though DNS seems to have been changed too (not yet in
NetSol database, but in Internic and gtld-zone already), www.adobe.com
looks alright...

It is not on a Chinese server, as far as I can see:

traceroute to www.adobe.com (192.150.12.103), 30 hops max, 40 byte
packets
 1  cs12012-intx.cybercomm.nl (213.196.1.1)  0.612 ms  0.788 ms  0.367
ms
 2  ATM12-0-0-401.gw2.ams6.nl.uu.net (213.53.35.45)  1.508 ms  1.040
ms  1.100 ms
 3  322.atm1-0-0.cr1.ams6.nl.uu.net (212.136.176.9)  1.572 ms  1.482
ms  1.284 ms
 4  111.atm1-0-0.xr1.ams2.alter.net (212.136.184.6)  1.937 ms  2.036
ms  2.282 ms
 5  SO-0-0-0.TR2.AMS2.Alter.Net (146.188.8.82)  1.501 ms  1.232 ms
1.595 ms
 6  SO-6-0-0.TR2.LND2.Alter.Net (146.188.8.157)  6.318 ms  6.831 ms
6.894 ms
 7  SO-6-0-0.IR2.NYC12.Alter.Net (146.188.15.54)  78.835 ms  77.741 ms
78.694 ms
 8  so-1-0-0.IR2.NYC9.ALTER.NET (152.63.23.69)  78.033 ms  78.412 ms
78.288 ms
 9  119.at-5-0-0.TR2.SAC1.ALTER.NET (152.63.2.222)  157.458 ms
157.868 ms  157.476 ms
10  196.at-2-0-0.XR4.SCL1.ALTER.NET (152.63.52.25)  159.674 ms
160.215 ms  161.259 ms
11  194.ATM6-0.GW3.SCL1.ALTER.NET (152.63.114.181)  159.597 ms
159.831 ms  160.745 ms
12  192.150.13.1 (192.150.13.1)  160.332 ms  160.289 ms  160.697 ms
13  * www3.adobe.com (192.150.12.103)  161.059 ms *

Note, they seem to use load balancing (www1, www2 etc).

The Chinese nameservers are a full second away from me. 

It looks as if the hijackers were kind enough to keep www.adobe.com in
the air:

; <<>> DiG 8.3 <<>> @dns.cnmsn.net adobe.com. axfr
; (1 server found)
$ORIGIN adobe.com.
@                       1H IN SOA
dns.cnmsn.net. administrator. (
                                        13              ; serial
                                        15M             ; refresh
                                        10M             ; retry
                                        1D              ; expiry
                                        1H )            ; minimum

                        1H IN NS        dns.cnmsn.net.
mail                    1H IN A         64.41.250.200
proxy                   1H IN A         192.150.12.90
www                     1H IN A         192.150.12.101
                        1H IN A         192.150.12.102
                        1H IN A         192.150.12.103
@                       1H IN SOA
dns.cnmsn.net. administrator. (
                                        13              ; serial
                                        15M             ; refresh
                                        10M             ; retry
                                        1D              ; expiry
                                        1H )            ; minimum

;; Received 8 answers (8 records).
;; FROM: pan.bijt.net to SERVER: 202.101.139.200
;; WHEN: Thu Oct 19 07:26:03 2000

This was at 07:26 CEST (GMT +2).

A mystery.

-- 
Marc Schneiders

"In re tam iusta nulla est deliberatio."
(Acta SS. Mart. Scillitanorum [AD 202])

Reply via email to