-
August 31st, 2003, 10:02 PM
#1
host resolution problem
i am facing something wrong here...
i tried to ping ips.mine.nu
the response i got is this
PING ips.mine.nu (10.0.1.128) from 10.1.5.11 : 56(84) bytes of data.
From 10.1.5.11 icmp_seq=1 Destination Host Unreachable
From 10.1.5.11 icmp_seq=2 Destination Host Unreachable
From 10.1.5.11 icmp_seq=3 Destination Host Unreachable
From 10.1.5.11 icmp_seq=4 Destination Host Unreachable
From 10.1.5.11 icmp_seq=5 Destination Host Unreachable
From 10.1.5.11 icmp_seq=6 Destination Host Unreachable
From 10.1.5.11 icmp_seq=7 Destination Host Unreachable
From 10.1.5.11 icmp_seq=8 Destination Host Unreachable
From 10.1.5.11 icmp_seq=9 Destination Host Unreachable
--- ips.mine.nu ping statistics ---
11 packets transmitted, 0 received, +9 errors, 100% loss, time 10277ms
, pipe 3
how it can resolve to 10.0.1.128....
my /etc/hosts file is as follows...
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
and we are not using any DNS server in the local net....and moreover we are not using the range 10.0.xxx.xxx
then how can this address resolve to 10.0.1.128....all other resolutions are fine....
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
August 31st, 2003, 10:20 PM
#2
no your not facing something wrong...i get the same response trying to ping it. where did you get the url from. it makes sense that the ip address would respond like that, reserverved and all that but why would a name server resole it that way.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
August 31st, 2003, 10:33 PM
#3
well i got it from a website while surfing.
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
-
August 31st, 2003, 11:35 PM
#4
NullDevice,
It seems like for some strange reason, someone (someDNS server out there) has the mapping of ips.mine.nu to the unregistered private IP 10.0.1.128.
DNS is only going to resolve what the domain maps to, even if erroneously defined, which seems like the case here.
The fact that your ping is unsuccessful makes very much sense and is exactly what is supposed to happen. Querying a DNS server for a domain name and asking a router to route a packet destined for an RFC 1918 address are 2 different things.
Your query to a DNS is pointing to a public address.
You request to ping that device is relying that your nearest router has a route to that dst address.
I am assuming from your response, your local router gateway has an IP of 10.1.5.11 which in turn has a default gateway to an ISPs' router whose running BGP4 and contains a full routing table of all reachable existing public networks/addresses.
The unreachable response by the 10.1.5.11 router is a result of its nearest peer (BGP4 router), telling it that that address does not exist in its routing table..
Cheers
P.S.
If you want to contact these guys and notify them of the mistake
http://www.nunames.nu/cgi-bin/drill....inname=mine.nu
I think domain extension for country of "Niue"
-
September 1st, 2003, 06:50 AM
#5
i think the explaination lies here:
http://www.cctec.com/maillists/nanog.../msg00680.html
Subject: RE: DDOS anecdotes
> Can you elaborate further?
Certainly, I can elaborate further. (although not in HTML... plain text is
so much more elegant)
>From Mr. Gibson's page:
"<Gibson> It looks like he's lost his dynDNS
<^b0ss^> you know what serve he keeps them all on
<^b0ss^> yup
<Gibson> yeah, I have his server, but I think he's off the air
<Gibson> for now and won't be bothering me again any time soon.
<^b0ss^> we had alot of bots on ips.mine.nu
<^b0ss^> but they took it down
<^b0ss^> for illegal use"
""Wicked" and his IRC Bots communicate by logging onto an IRC server located
at the domain "wkdbots.***.**" (I have blanked the upper portion of the
domain to allow me to provide all other details.) This domain name is hosted
by a dynamic DNS service, allowing Wicked to change the location of the IRC
server, as needed, by pointing the "wkdbots" domain at a different IP
address. This highlights one of the several weaknesses of the IRC Bots
system: A single discovered Bot reveals the IRC meeting place of the entire
Bot fleet. The subsequent loss of access to their shared domain cripples the
Bot network by denying its access to its central communications hub. "
We thus have the reference to dynamic DNS services twice here. Now, I ought
to mention that mine.nu is one of our domains (although ips.mine.nu was
indeed removed for AUP violations as Mr. Gibson points out). So, there's the
first reference to us. The second is the "wkdbots.***.**". It just so
happens that we provide services in a domain that's ***.**, and
coincidentally enough, there was a wkdbots.***.** in that domain.
So, I think it's fairly clear that Mr. Gibson was talking about us here
(some of our users were also able to make the wkdbots.***.** link and
emailed us pointing us to Mr. Gibson's site). What happened? Well... He
never contacted us about the wkdbots.***.**, for one thing... even though we
have a rather efficient abuse department, unlike so many of the large
companies Mr. Gibson is so eager to criticize.
Once we heard about Mr. Gibson's troubles (yay slashdot), and noticed the
two references to us, we immediately contacted Mr. Gibson to see if there
was anything we could help with, or if there was anything he wanted us to
do.
The reply came about a week later, and while I'd prefer not to post it to
NANOG, let's just say that it was effectively a form letter saying "thanks
for contacting me about the DDoS attacks. I've decided I'm just going to
move on, and have a nice life".
Suffice it to say that we were quite upset. Mr. Gibson didn't seem to have
any problems criticizing EarthLink, @Home, etc for not being responsible,
but Mr. Gibson a) never contacted us, despite the fact that abusive usage of
our services seemed to play a large role in the attacks he was a victim of,
and b) rejected our offer to help.
That, along with questionable claims on his site about magic packets that
can penetrate through NATs and similar devices, means that I have very
little confidence in Mr. Gibson from a technical perspective, although as I
said before I'd sincerely like to congratulate him on his FUD-spreading
skills.
Oh, and FWIW, wkdbots.***.** was removed promptly anyways... it now points
to a nice useless RFC 1918 IP. Should we mention that the two wicked and
b0ss people contacted us, too, wanting their hostnames/accoutns back?
Vivien
--
Vivien M.
vivienm@dyndns.org
Assistant System Administrator
Dynamic DNS Network Services
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
September 1st, 2003, 01:46 PM
#6
10.x.x.x/8 or 192.x.x.x/24 are not within the world wild public address address.
These net adds are use only to internal purposes (and may be nated further on to reach the www).
It would have make no sense if you were able to probe that IPaddy!
I think the site you've seen that address on is giving example of networking (maybe hacking) techniques with unconsistent address in order to be law protected.
[shadow] SHARING KNOWLEDGE[/shadow]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|