big security problem if you have an uncontrolled and not authorized web server 
on that ip and that is not firewalled


to find it out, check the ARP tables on the switches to follow the switch port where it 
is physically linked


https://www.linkedin.com/in/alberto-colosi


________________________________
From: Bhangui, Sandeep - BLS CTR <bhangui.sand...@bls.gov>
Sent: Saturday, September 17, 2016 7:52 PM
To: Alberto ----; bind-users@lists.isc.org
Subject: RE: Organization IP address is getting redirected to a website which 
does not belong to the organization.


Understood and I am sure they are aware of those protocols.



We do not have a webserver which is hosted on 146.142.7.113 that I can 
categorically say as that falls under our team.



Network folks are having a tough time even finding an active device with that 
IP on the network.



Thanks

Sandeep





From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Alberto 
----
Sent: Saturday, September 17, 2016 12:52 PM
To: bind-users@lists.isc.org
Subject: Re: Organization IP address is getting redirected to a website which 
does not belong to the organization.



hmmmmmmmmmmm if they manage firewalls, they should be aware of TCP/IP 
fundamentals and how HTTP works and much more



the browser performs a GET on 146.142.7.113 with the RFC HTTP protocol, then 
146.142.7.113 says item moved / redirect to http://us.watcheezy.com/



you have to check the web server configuration or the HTML / PHP / ........ pages on 
the root link from the web server 146.142.7.113



when the browser gets a REDIRECT, it is the browser on the client machine that performs 
a new GET statement on the new address



it is normal that the firewall team sees nothing else unless a packet capture and 
analysis is performed









________________________________

From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Bhangui, 
Sandeep - BLS CTR <bhangui.sand...@bls.gov>
Sent: Saturday, September 17, 2016 6:43 PM
To: Lyle; bind-users@lists.isc.org
Subject: RE: Organization IP address is getting redirected to a website which 
does not belong to the organization.



Thanks

We suspected that but network folks are not able to find any device with that 
IP on the BLS network.

Also it seems firewall folks claim they looked for the traffic coming in the 
BLS network, and if the redirect is happening from a host which is 146.142.7.113 
they should have seen some traffic, correct? And apparently we do not see any 
traffic.

Thanks
Sandeep


-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Lyle
Sent: Saturday, September 17, 2016 12:01 PM
To: bind-users@lists.isc.org
Subject: Re: Organization IP address is getting redirected to a website which 
does not belong to the organization.

On 09/17/16 10:51, Bhangui, Sandeep - BLS CTR wrote:
> Hi
>
> Not exactly sure whether this is a DNS issue but hoping someone here on this 
> forum can provide some advice/suggestion as I am trying to figure out what is 
> going on.
>
> Our organization BLS owns ( registered with the registrar )  the network 
> address 146.142.xxx.xxx.
>
> But if someone from the Internet ( outside of BLS network ) tries to go to 
> "http://146.142.7.113" it gets redirected to a site in UK called 
> "us.watcheezy.com"
>
> I have checked the DNS from the BLS  side and we do not have any entry of  
> any kind for  the record  146.142.7.113 on our DNS.
>
> I have also done DNS lookups for watcheezy.com and those seem to be good too 
> with respect to IP and the NS and as to what those NS are reporting.
>
> Can anyone throw some light on as to what is going on here.....does not look 
> like a DNS issue to me but I could be wrong.
>
> Thanks
> Sandeep
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
> https://lists.isc.org/mailman/listinfo/bind-users

There is a host listening on 146.142.7.113 tcp port 80. It's issuing a
302 redirect to http://www.watcheezy.com at ip address 37.187.76.95.
That host is issuing a 301 redirect to http://us.watcheezy.com at 37.187.76.95.

Lyle Giese
LCR Computer Services, Inc.
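
Added example, not part of the original thread: the redirect chain reported above, replayed offline from constructed responses. Each hop is a separate request the client sends to a different host, so only the first exchange ever involves 146.142.7.113. The raw header text and the final 200 response are assumptions.

```python
"""Trace an HTTP redirect chain offline from captured raw responses."""
from urllib.parse import urljoin, urlsplit

# Constructed sample responses keyed by URL. Status codes and Location values
# follow the thread; the raw header text and the final 200 are assumptions.
CAPTURED = {
    "http://146.142.7.113/": b"HTTP/1.1 302 Found\r\nLocation: http://www.watcheezy.com\r\n\r\n",
    "http://www.watcheezy.com/": b"HTTP/1.1 301 Moved\r\nLocation: http://us.watcheezy.com\r\n\r\n",
    "http://us.watcheezy.com/": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def normalize(url):
    """Give a bare-host URL an explicit '/' path so dictionary keys match."""
    parts = urlsplit(url)
    return parts._replace(path=parts.path or "/").geturl()


def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP/1.x response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def trace(start_url, responses, max_hops=10):
    """Follow Location headers; each hop is a new client request to that host."""
    hops, url, seen = [], normalize(start_url), set()
    while url not in seen and len(hops) < max_hops:  # stop on loops
        seen.add(url)
        status, headers = parse_response(responses[url])
        hops.append((urlsplit(url).hostname, status, headers.get("location")))
        if status not in REDIRECT_CODES or "location" not in headers:
            break
        url = normalize(urljoin(url, headers["location"]))
    return hops


if __name__ == "__main__":
    for host, status, location in trace("http://146.142.7.113", CAPTURED):
        print(f"{host:20} {status} -> {location or '(final response)'}")
```

Only the first tuple in the result names 146.142.7.113; the later hops go to other hosts, which is why a search for follow-on traffic at that address finds nothing.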
