-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
Lawrence Chin wrote on 30.08.2008 6:23 Uhr: > Hi everyone. > > I've been confused about one thing. Several days ago when I typed in the > url http://pool.sks-keyservers.net into my browser, this website called > www.kim-minh.com kept popping up instead and wouldn't let me go to > pool.sks-keyservers.net. Is this some sort of traffic hijacking or what? > Did anyone see the same thing? pool.sks-keyservers.net isn't a single machine. As the name indicates, it is a pool of machines. Which one you get out of this pool is more or less random. If you lookup the IP-address of pool.sks-keyservers.net you get pool.sks-keyservers.net. 28800 IN A 195.113.19.83 pool.sks-keyservers.net. 28800 IN A 202.191.99.51 pool.sks-keyservers.net. 28800 IN A 195.111.98.30 pool.sks-keyservers.net. 28800 IN A 66.163.18.195 pool.sks-keyservers.net. 28800 IN A 78.47.223.101 pool.sks-keyservers.net. 28800 IN A 216.215.6.39 pool.sks-keyservers.net. 28800 IN A 91.121.167.18 pool.sks-keyservers.net. 28800 IN A 86.59.21.34 pool.sks-keyservers.net. 28800 IN A 193.174.13.74 pool.sks-keyservers.net. 28800 IN A 64.71.173.107 pool.sks-keyservers.net. 28800 IN A 194.171.167.147 pool.sks-keyservers.net. 28800 IN A 213.239.210.122 pool.sks-keyservers.net. 28800 IN A 72.190.107.50 pool.sks-keyservers.net. 28800 IN A 128.220.220.244 pool.sks-keyservers.net. 28800 IN A 212.227.108.151 pool.sks-keyservers.net. 28800 IN A 213.239.212.133 pool.sks-keyservers.net. 28800 IN A 85.214.20.227 pool.sks-keyservers.net. 28800 IN A 213.146.108.162 pool.sks-keyservers.net. 28800 IN A 195.22.207.161 pool.sks-keyservers.net. 28800 IN A 64.71.173.98 If you lookup www.kim-minh.com you get www.kim-minh.com. 43200 IN CNAME kim.kim-minh.com. kim.kim-minh.com. 43200 IN A 91.121.167.18 so that's one of the above addresses for pool.sks-keyservers.net If you go to http://91.121.167.18, you end up in a web-interface that looks like a key lookup or trust chain lookup. It's in french, so I'm not a 100% sure. Port: 11371 for hkp is open, so there seems to be a keyserver implemented. However, the command gpg --keyserver hkp://91.121.167.1 --recv-key 0xdeadbeef fails with a timeout, so there may be a temporary network problem. All in all there is no sign of DNS poisoning or traffic hijacking in my eyes. HTH Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSLkqUFYnpxVXVowdAQrXbQf9ESFm8mPUgwn2Djn6L1eXJyWC5prjb6yg ANNBpJXbDUO03udtIdSV8hncd8af+vxL/KoEiQH42jHPN+DK69u/lIs8PoGhSwKk +BV8yO7mFM8AkRumz+jqkNR7dWf6WpTYBMS3gXNHdy4D4maFU2amm03YQVg0baAv tROhPXLXb3lW3aCjuCSt+jR9x/IVmVnih7nPUYLBgIAgpeqaJLK6k0fWOcqIdz8Q Hnwnbc3Vi8WwCs58CpdbFl5NRq15vVrfs+Xx8syMjA1KkEjnN9kvnNHunkGJmVht WcX9kCG7G77TrHNO/htUECS6Z4sxuCD2lz2kLzaWj8g6/c4++ErUsg== =SJJN -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
