[AusNOG] arpa.com.au.. wtf?? (telstra/optus/connect resolvers doing 'in-addr.arpa.com.au' requests?!
Damien Gardner Jnr
rendrag at rendrag.net
Tue Nov 24 20:57:59 EST 2009
On 24/11/2009, at 8:43 PM, Trent Lloyd wrote:
> Many web browsers and possibly even resolvers try to append ".com",
> ".com.au" etc to things that don't work - assuming they were mis-
> typed, I suspect you'll find theres some fairly specific bit of
> software being the main culprit here, and I'm not sure what it is,
> but it's fairly non surprising to me personally. I'd love to know
> what specifically is doing it, though.. i'm going to guess windows
> something.
Yeah true - I remember back many years ago when it was perfectly valid
to just hit up www.csiro, and your dns server would first try looking
that up, then use it's local domain name, and step through stripping
out parts until it got a hit - so back then (for me), it would have
been trying www.csiro.netcon.net.au, www.csiro.net.au, then finally www.csiro.au
. And yeah, even today browsers will try to be 'helpful' and
append .com, .com.au, etc.. - but being a reverse lookup, i was a
little surprised - messing up an in-addr.arpa seems like it'd take an
actual hands-on screwup ;)
Although I can't think of any way of tracking it back without one of
the ISP's in question doing some logging and seing where on their
network the requests are coming from.. Unless anyone has some
thoughts on something I can inject in as a bogus record under in-
addr.arpa.com.au that would cause whatever it is to reveal itself? If
it was messed-up forward lookup, I'd just point it at an unused IP,
and tcpdump it for a few hours..
Cheers,
DG
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20091124/22e72b46/attachment.html>
More information about the AusNOG
mailing list