host resolution problem
Results 1 to 6 of 6

Thread: host resolution problem

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    472

    host resolution problem

    i am facing something wrong here...
    i tried to ping ips.mine.nu

    the response i got is this

    PING ips.mine.nu (10.0.1.128) from 10.1.5.11 : 56(84) bytes of data.
    From 10.1.5.11 icmp_seq=1 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=2 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=3 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=4 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=5 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=6 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=7 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=8 Destination Host Unreachable
    From 10.1.5.11 icmp_seq=9 Destination Host Unreachable

    --- ips.mine.nu ping statistics ---
    11 packets transmitted, 0 received, +9 errors, 100% loss, time 10277ms
    , pipe 3

    how it can resolve to 10.0.1.128....
    my /etc/hosts file is as follows...

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost

    and we are not using any DNS server in the local net....and moreover we are not using the range 10.0.xxx.xxx

    then how can this address resolve to 10.0.1.128....all other resolutions are fine....
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    no your not facing something wrong...i get the same response trying to ping it. where did you get the url from. it makes sense that the ip address would respond like that, reserverved and all that but why would a name server resole it that way.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    472
    well i got it from a website while surfing.
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    NullDevice,

    It seems like for some strange reason, someone (someDNS server out there) has the mapping of ips.mine.nu to the unregistered private IP 10.0.1.128.

    DNS is only going to resolve what the domain maps to, even if erroneously defined, which seems like the case here.


    The fact that your ping is unsuccessful makes very much sense and is exactly what is supposed to happen. Querying a DNS server for a domain name and asking a router to route a packet destined for an RFC 1918 address are 2 different things.

    Your query to a DNS is pointing to a public address.
    You request to ping that device is relying that your nearest router has a route to that dst address.

    I am assuming from your response, your local router gateway has an IP of 10.1.5.11 which in turn has a default gateway to an ISPs' router whose running BGP4 and contains a full routing table of all reachable existing public networks/addresses.

    The unreachable response by the 10.1.5.11 router is a result of its nearest peer (BGP4 router), telling it that that address does not exist in its routing table..



    Cheers

    P.S.

    If you want to contact these guys and notify them of the mistake
    http://www.nunames.nu/cgi-bin/drill....inname=mine.nu

    I think domain extension for country of "Niue"

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    i think the explaination lies here:

    http://www.cctec.com/maillists/nanog.../msg00680.html

    Subject: RE: DDOS anecdotes

    > Can you elaborate further?

    Certainly, I can elaborate further. (although not in HTML... plain text is
    so much more elegant)

    >From Mr. Gibson's page:
    "<Gibson> It looks like he's lost his dynDNS
    <^b0ss^> you know what serve he keeps them all on
    <^b0ss^> yup
    <Gibson> yeah, I have his server, but I think he's off the air
    <Gibson> for now and won't be bothering me again any time soon.
    <^b0ss^> we had alot of bots on ips.mine.nu
    <^b0ss^> but they took it down
    <^b0ss^> for illegal use"
    ""Wicked" and his IRC Bots communicate by logging onto an IRC server located
    at the domain "wkdbots.***.**" (I have blanked the upper portion of the
    domain to allow me to provide all other details.) This domain name is hosted
    by a dynamic DNS service, allowing Wicked to change the location of the IRC
    server, as needed, by pointing the "wkdbots" domain at a different IP
    address. This highlights one of the several weaknesses of the IRC Bots
    system: A single discovered Bot reveals the IRC meeting place of the entire
    Bot fleet. The subsequent loss of access to their shared domain cripples the
    Bot network by denying its access to its central communications hub. "

    We thus have the reference to dynamic DNS services twice here. Now, I ought
    to mention that mine.nu is one of our domains (although ips.mine.nu was
    indeed removed for AUP violations as Mr. Gibson points out). So, there's the
    first reference to us. The second is the "wkdbots.***.**". It just so
    happens that we provide services in a domain that's ***.**, and
    coincidentally enough, there was a wkdbots.***.** in that domain.

    So, I think it's fairly clear that Mr. Gibson was talking about us here
    (some of our users were also able to make the wkdbots.***.** link and
    emailed us pointing us to Mr. Gibson's site). What happened? Well... He
    never contacted us about the wkdbots.***.**, for one thing... even though we
    have a rather efficient abuse department, unlike so many of the large
    companies Mr. Gibson is so eager to criticize.

    Once we heard about Mr. Gibson's troubles (yay slashdot), and noticed the
    two references to us, we immediately contacted Mr. Gibson to see if there
    was anything we could help with, or if there was anything he wanted us to
    do.

    The reply came about a week later, and while I'd prefer not to post it to
    NANOG, let's just say that it was effectively a form letter saying "thanks
    for contacting me about the DDoS attacks. I've decided I'm just going to
    move on, and have a nice life".

    Suffice it to say that we were quite upset. Mr. Gibson didn't seem to have
    any problems criticizing EarthLink, @Home, etc for not being responsible,
    but Mr. Gibson a) never contacted us, despite the fact that abusive usage of
    our services seemed to play a large role in the attacks he was a victim of,
    and b) rejected our offer to help.

    That, along with questionable claims on his site about magic packets that
    can penetrate through NATs and similar devices, means that I have very
    little confidence in Mr. Gibson from a technical perspective, although as I
    said before I'd sincerely like to congratulate him on his FUD-spreading
    skills.

    Oh, and FWIW, wkdbots.***.** was removed promptly anyways... it now points
    to a nice useless RFC 1918 IP. Should we mention that the two wicked and
    b0ss people contacted us, too, wanting their hostnames/accoutns back?

    Vivien
    --
    Vivien M.
    vivienm@dyndns.org
    Assistant System Administrator
    Dynamic DNS Network Services
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    10.x.x.x/8 or 192.x.x.x/24 are not within the world wild public address address.
    These net adds are use only to internal purposes (and may be nated further on to reach the www).

    It would have make no sense if you were able to probe that IPaddy!
    I think the site you've seen that address on is giving example of networking (maybe hacking) techniques with unconsistent address in order to be law protected.
    [shadow] SHARING KNOWLEDGE[/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •