Re: My FC3 machine appears to be compromised, please help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 4/6/06, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Thu, 2006-04-06 at 14:24, Bob Brennan wrote:
>
> > Below is the results of nslookups both ways. As you can see the
> > nslookup of mi-server.net does not include the proper IP, only Mr
> > Nasty's whoever it is that is taking all my email from me. What does
> > http://mi-server.net deiver on the outside world? I can't see it since
> > my own hosts file keeps me on my LAN.
> >
> > C:\nslookup 83.104.235.34
> > Server:  cache-1.ns.demon.net
> > Address:  158.152.1.58
> >
> > Name:    rbrennan.demon.co.uk
> > Address:  83.104.235.34
> >
> >
> > C:\nslookup mi-server.net
> > Server:  cache-1.ns.demon.net
> > Address:  158.152.1.58
> >
> > Non-authoritative answer:
> > Name:    wc.funnel.revenuedirect.com.akadns.net
> > Addresses:  69.25.47.165, 66.150.161.58
> > Aliases:  mi-server.net, wc.traffic.puredns.com
>
> I get:
> nslookup 83.104.235.34
> Non-authoritative answer:
> 34.235.104.83.in-addr.arpa      name = rbrennan.demon.co.uk.
>
> nslookup mi-server.net
> Non-authoritative answer:
> Name:   mi-server.net
> Address: 83.104.235.34
>
> And a connection looks OK:
>
> telnet 83.104.235.34 25
> Trying 83.104.235.34...
> Connected to 83.104.235.34.
> Escape character is '^]'.
> 220 Mi-Tech ESMTP server
> quit
>
> --
>  Les Mikesell
>   lesmikesell@xxxxxxxxx

that will depend on your nameserver, and that is why I suspect it is
only a demon problem. Set your server to cache-1.ns.demon.net and you
get the wrong info, set your server to ns1.mydomain.com and it is ok.
But my default nameserver is demon so Sendmail uses that and gets it
wrong. See below

C:\nslookup
Default Server:  cache-1.ns.demon.net
Address:  158.152.1.58

> mi-server.net
Server:  cache-1.ns.demon.net
Address:  158.152.1.58

Non-authoritative answer:
Name:    wc.funnel.revenuedirect.com.akadns.net
Addresses:  66.150.161.58, 69.25.47.165
Aliases:  mi-server.net, wc.traffic.puredns.com

> server ns1.mydomain.com
Default Server:  ns1.mydomain.com
Address:  64.94.117.195

> mi-server.net
Server:  ns1.mydomain.com
Address:  64.94.117.195

Name:    mi-server.net
Address:  83.104.235.34
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux