I remember looking at something about name based and IP based lookups under apache that could cause this. See: http://www.apache.org/docs/dns-caveats.html I think the offending site would have to deliberately misconfigure their DNS to take advantage of this security hole. Regards Ralph Pickering On Wed, 08 Mar 2000, Michael H. Warfield wrote: > I'm adding [EMAIL PROTECTED] to this... > > On Wed, Mar 08, 2000 at 06:53:08AM +0000, Richard Adams wrote: > > On Wed, 08 Mar 2000, [EMAIL PROTECTED] wrote about, Re:: > > > try freshmeat.net > > > They seem to be the same URL, .net or .com. > > There seems to be something REALLY strange going on here! > > Most of the time, nslookup comes back like this: > > ] [mhw@alcove dns]$ nslookup www.freshmeat.com > ] Server: banshee.wittsend.com > ] Address: 130.205.0.2 > ] > ] Non-authoritative answer: > ] Name: freshmeat.com > ] Addresses: 209.207.224.211, 209.207.224.212 > ] Aliases: www.freshmeat.com > > .com and .net both the same. > > Once (first time), I got this... > > ] [mhw@alcove dns]$ nslookup www.freshmeat.com > ] Server: banshee.wittsend.com > ] Address: 130.205.0.2 > ] > ] Non-authoritative answer: > ] Name: freshmeat.com > ] Address: 200.250.58.148 > ] Aliases: www.freshmeat.com > > That address doesn't give me a good page at all. > > So let's see what the reverse says... > > ] [mhw@alcove dns]$ nslookup 200.250.58.148 > ] Server: banshee.wittsend.com > ] Address: 130.205.0.2 > ] > ] Name: papaleguas.conectiva.com.br > ] Address: 200.250.58.148 > ] Aliases: 148.58.250.200.in-addr.arpa > > ] [mhw@alcove dns]$ nslookup 209.207.224.212 > ] Server: banshee.wittsend.com > ] Address: 130.205.0.2 > ] > ] Name: www2.freshmeat.net > ] Address: 209.207.224.212 > > ] [mhw@alcove dns]$ nslookup 209.207.224.211 > ] Server: banshee.wittsend.com > ] Address: 130.205.0.2 > ] > ] Name: www1.freshmeat.net > ] Address: 209.207.224.211 > > I would call that very BAD news. Potentially, someone is playing > with DNS cache poisoning or we've got some other DNS hickup. > > > > ____________________Reply Separator____________________ > > > Subject: > > > Author: Robert Haehnel <[EMAIL PROTECTED]> > > > Date: 03/07/2000 8:20 PM > > > > > > Hey! What's the deal? I tried to go to > > > > > > www.freshmeat.com > > > > > > and I wind up at > > > > > > www.conectiva.com/en/ > > > > > > What gives? Anbody else wind up in the wrong place? > > > > > > -- > > > > > > R. Haehnel > > > > > > > > > > > > - > > > To unsubscribe from this list: send the line "unsubscribe linux-newbie" in > > > the body of a message to [EMAIL PROTECTED] > > > Please read the FAQ at http://www.linux-learn.org/faqs > > -- > > Regards Richard > > [EMAIL PROTECTED] > > http://people.zeelandnet.nl/pa3gcu/ > > > > > > - > > To unsubscribe from this list: send the line "unsubscribe linux-newbie" in > > the body of a message to [EMAIL PROTECTED] > > Please read the FAQ at http://www.linux-learn.org/faqs > > -- > Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED] > (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of all > PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! > > > - > To unsubscribe from this list: send the line "unsubscribe linux-newbie" in > the body of a message to [EMAIL PROTECTED] > Please read the FAQ at http://www.linux-learn.org/faqs - To unsubscribe from this list: send the line "unsubscribe linux-newbie" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.linux-learn.org/faqs
