On Sat, 18 Mar 2006, Robert MannI wrote:
> But then, when I try to resolve the IP address back to a domain, using either
> "host xx.xx.xx.xx" on Mac OS X, or
> "/usr/bin/resolveip xx.xx.xx.xx" on Linux,
> the IP address is resolved to a domain name that is a little bit suspicious:
> ns2.decayandcorrupt.com
> Is this an attack?

Not necessarily. It could be your client uses decayandcorrupt.com for
their hosting, which itself is hosted within ev1servers.com.
I recommend using dig to find out where everything is, if you want the
real story. 'dig a $hostname' will turn up the IP address, 'dig ns
$hostname' will turn up the name server. If you want the whole zone file
for inspection and to double-check, do 'dig @ns2.decayandcorrupt.com axfr
$hostname' to get the whole zone file (and if it denies you, use ns1
instead), and double-check the whois record for the domain name.
-Dennis
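
Added example, not part of the original thread: a small POSIX shell script that runs the A, NS and reverse lookups discussed above for one hostname and reports whether the PTR name resolves back to the same address and whether it is one of the zone's own name servers. The names and addresses in FIXTURE are constructed so the script runs offline; the `USE_DIG` switch and the use of `dig +short` and `dig -x` are choices made for this example.

```shell
#!/bin/sh
# Constructed records (documentation names and addresses), one "NAME TYPE VALUE"
# per line, so the script runs offline. Set USE_DIG=1 to query real DNS instead.
FIXTURE='client.example A 192.0.2.10
client.example NS ns1.hoster.example.
client.example NS ns2.hoster.example.
192.0.2.10 PTR ns2.hoster.example.
ns2.hoster.example A 192.0.2.10
stale.example A 192.0.2.77
192.0.2.77 PTR old.hoster.example.
old.hoster.example A 192.0.2.99'

# lookup NAME TYPE: print one answer per line with the trailing dot removed.
lookup() {
  if [ "${USE_DIG:-0}" = 1 ]; then
    if [ "$2" = PTR ]; then dig +short -x "$1"; else dig +short "$1" "$2"; fi
  else
    printf '%s\n' "$FIXTURE" | awk -v n="$1" -v t="$2" '$1==n && $2==t {print $3}'
  fi | sed 's/\.$//'
}

# check_host HOSTNAME: print one verdict line per address the name resolves to.
check_host() {
  host=$1
  lookup "$host" A | while read -r ip; do
    ptr=$(lookup "$ip" PTR | head -n 1)
    if [ -z "$ptr" ]; then echo "$ip no-ptr"; continue; fi
    # Forward-confirm: the PTR name must resolve back to the same address.
    if lookup "$ptr" A | grep -qxF "$ip"; then fc=confirmed; else fc=unconfirmed; fi
    # A PTR under another domain is common on shared hosting, so it is only
    # classified here: same domain, one of the zone's name servers, or other.
    case "$ptr" in
      "$host"|*."$host") rel=same-domain ;;
      *) if lookup "$host" NS | grep -qxF "$ptr"; then rel=is-nameserver
         else rel=other-domain; fi ;;
    esac
    echo "$ip ptr=$ptr $fc $rel"
  done
}

# Stand-alone run: check the hostname given as $1, or the constructed sample.
check_host "${1:-client.example}"
```

A result of `unconfirmed other-domain` is the combination worth following up with the whois record and the hosting provider; `confirmed is-nameserver` matches the shared-hosting explanation given in the reply.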