BING DNS Hijack?
Dan wrote in with some interesting results after a co-worker reported an unusual error.
Is anyone else having similar problems/results?
A DNS lookup shows the NS records pointing to servers at JOMAX.NET:
$ dig search.live.com
; <<>> DiG 9.7.0-P1 <<>> search.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15688
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;search.live.com.               IN      A
;; ANSWER SECTION:
search.live.com.        60      IN      A       69.25.212.52
search.live.com.        60      IN      A       8.15.228.166
;; AUTHORITY SECTION:
search.live.com.        65535   IN      NS      WSC2.JOMAX.NET.
search.live.com.        65535   IN      NS      WSC1.JOMAX.NET.
;; Query time: 43 msec
;; SERVER: 10.1.200.16#53(10.1.200.16)
;; WHEN: Wed Jul 20 08:37:46 2011
;; MSG SIZE rcvd: 121
A whois on live.com is very interesting as well:
~$ whois live.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: LIVE.COM.ZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.200
Registrar: TUCOWS.COM CO.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: LIVE.COM.ITS-NOT-ROCKET-SCIENCE-MR-RIKY-BLAIKIE.BURTYB.COM
IP Address: 209.85.6.100
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: LIVE.COM.IS.N0T.AS.1337.AS.GULLI.COM
IP Address: 80.190.192.39
Registrar: EPAG DOMAINSERVICES GMBH
Whois Server: whois.enterprice.net
Referral URL: http://www.enterprice.net
Server Name: LIVE.COM.IS.0WN3D.BY.GULLI.COM
IP Address: 80.190.192.39
Registrar: EPAG DOMAINSERVICES GMBH
Whois Server: whois.enterprice.net
Referral URL: http://www.enterprice.net
Domain Name: LIVE.COM
Registrar: CSC CORPORATE DOMAINS, INC.
Whois Server: whois.corporatedomains.com
Referral URL: http://www.cscglobal.com
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
Name Server: NS3.MSFT.NET
Name Server: NS4.MSFT.NET
Name Server: NS5.MSFT.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 08-apr-2009
Creation Date: 28-dec-1994
Expiration Date: 27-dec-2017
>>> Last update of whois database: Wed, 20 Jul 2011 12:28:01 UTC <<<
Dan followed up with:
Additional: we use Global Crossing for our ISP, all of their DNS servers (which we use as forwarders) produce the same results. Other name servers I checked (OpenDNS, AT&T) looked okay. As of right now, users get the Bing webpage when they go to http://search.live.com, though the IP addresses haven't changed.
Something doesn't smell right about this.
Indeed
Christopher Carboni - Handler On Duty
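The comparison made by hand above (the NS names a resolver returns against the name servers in the registry whois record) can be scripted. This is an added example, not part of the original diary; the function names are hypothetical and the sample inputs are constructed by trimming the dig and whois output shown on this page.

```python
# Constructed sample inputs, trimmed from the dig and whois output on this page.
DIG_OUTPUT = """\
;; ANSWER SECTION:
search.live.com.    60      IN  A   69.25.212.52
;; AUTHORITY SECTION:
search.live.com.    65535   IN  NS  WSC2.JOMAX.NET.
search.live.com.    65535   IN  NS  WSC1.JOMAX.NET.
;; Query time: 43 msec
"""
WHOIS_OUTPUT = """\
Server Name: LIVE.COM.IS.0WN3D.BY.GULLI.COM
Registrar: EPAG DOMAINSERVICES GMBH
Domain Name: LIVE.COM
Registrar: CSC CORPORATE DOMAINS, INC.
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
"""

def dig_ns(text):
    """NS targets from dig's AUTHORITY section, lowercased, trailing dot removed."""
    found, in_auth = set(), False
    for line in text.splitlines():
        if line.startswith(";;"):            # section headers and footer lines
            in_auth = "AUTHORITY SECTION" in line
            continue
        fields = line.split()
        if in_auth and len(fields) == 5 and fields[3] == "NS":
            found.add(fields[4].rstrip(".").lower())
    return found

def whois_ns(text, domain):
    """'Name Server:' values taken only from the 'Domain Name:' record for domain."""
    found, in_record = set(), False
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip().lower()
        if key in ("Domain Name", "Server Name"):
            # "Server Name" entries are host objects whose names merely contain
            # the queried string; they say nothing about the domain's delegation.
            in_record = key == "Domain Name" and value == domain.lower()
        elif in_record and key == "Name Server":
            found.add(value)
    return found

def compare(dig_text, whois_text, domain):
    """Flag NS parent domains the resolver returned that the registry does not list."""
    seen, registry = dig_ns(dig_text), whois_ns(whois_text, domain)
    parent = lambda names: {".".join(n.split(".")[-2:]) for n in names}  # naive: last two labels
    return {"seen": seen, "registry": registry,
            "unexpected": parent(seen) - parent(registry)}

if __name__ == "__main__":
    print(compare(DIG_OUTPUT, WHOIS_OUTPUT, "live.com"))
```

A subdomain can legitimately be delegated to name servers other than those of its parent zone, so a non-empty `unexpected` set is a lead to check against other resolvers, as Dan did, not proof of a hijack.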