The "Telekom" company has two DNS servers: 213.59.247.2 and 195.161.106.2. The first server belongs to "Telekom", the second to "Rostelecom".
A DNS server tells the user which IP address a web address has. For example, ingushetiya.ru = 65.23.154.34.
But the DNS server 213.59.247.2 reports that ingushetiya.ru = 216.131.77.26. The porn site http://www.freebigmovies.com/ is hosted at this IP address.
Thus, all users of "Telekom" are shown a porn site at the address www.ingushetiya.ru.
Any user can verify that this information is correct by running the command "nslookup ingushetiya.ru 213.59.247.2".
Either these settings were made deliberately at "Telekom", or their DNS server was hacked or attacked. However, the latter is ruled out, since the company stated that everything is normal on their side.
Technical information:
Briefly:
---
Server: 213.59.247.2
Address: 213.59.247.2#53
Address: 216.131.77.26
$ whois 213.59.247.2
...
% Information related to '213.59.247.0 - 213.59.247.255'
inetnum: 213.59.247.0 - 213.59.247.255
netname: ILES-TELEKOM-NET
descr: OOO TELEKOM
descr: 5, Geroev Bresta Str.,
descr: Nazran, Republic of Ingushetia, Russia, 366720
country: RU
admin-c: ID300-RIPE
tech-c: ID300-RIPE
status: ASSIGNED PA
mnt-by: AS8342-MNT
source: RIPE # Filtered
person: Iles Dzaurov
address: OOO TELEKOM
address: 5, Geroev Bresta Str.,
address: Nazran, Republic of Ingushetia, Russia, 366720
phone: +7 8734 553011
fax-no: +7 8734 553011
nic-hdl: ID300-RIPE
source: RIPE # Filtered
$ traceroute 213.59.247.2
traceroute to 213.59.247.2 (213.59.247.2), 64 hops max, 40 byte packets
1 65.23.129.1 (65.23.129.1) 3.307 ms 0.349 ms 0.257 ms
2 ve5.fr3.phx2.llnw.net (69.28.171.101) 5.763 ms 19.023 ms 2.066 ms
3 tge1-3.fr3.dal.llnw.net (69.28.171.130) 35.873 ms 27.359 ms 27.371 ms
4 tge5-3.fr3.ord.llnw.net (69.28.171.198) 52.528 ms 51.336 ms 51.241 ms
5 ve6.fr4.ord.llnw.net (69.28.172.42) 51.647 ms 51.256 ms 54.816 ms
6 tge11-3.fr3.lga.llnw.net (69.28.171.194) 78.414 ms 78.393 ms 78.555 ms
7 tge1-2.fr3.lon.llnw.net (69.28.171.126) 146.192 ms 146.270 ms 146.221 ms
8 lnd-bgw0-ge0-1-0-102.rt-comm.ru (195.66.224.90) 165.470 ms 167.561 ms 165.551 ms
9 nazran-car0-ml1.rt-comm.ru (195.161.156.10) 270.709 ms 275.524 ms 275.771 ms
10 217.106.22.154 (217.106.22.154) 338.638 ms !X * 360.008 ms !X
$
---
In detail:
---
[rm-1001-19:~]$ date
понедельник, 12 ноября 2007 г. 20:58:54 (MSK)
[rm-1001-19:~]$ ifconfig
rl0: flags=8843 mtu 1500
options=8
inet 65.23.154.34 netmask 0xffffff00 broadcast 65.23.154.255
ether 00:01:29:ff:6c:45
media: Ethernet autoselect (100baseTX )
status: active
plip0: flags=108810 mtu 1500
lo0: flags=8049 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
213.59.247.2
;; connection timed out; no servers could be reached
213.59.247.2
Server: 213.59.247.2
Address: 213.59.247.2#53
Address: 216.131.77.26
[rm-1001-19:~]$ nslookup -ty=any ingushetiya.ru 213.59.247.2
Server: 213.59.247.2
Address: 213.59.247.2#53
Name: ingushetiya.ru
Address: 216.131.77.26
ingushetiya.ru nameserver = ns1.
ingushetiya.ru
origin = ns1
mail addr = admin
serial = 9
refresh = 900
retry = 600
expire = 86400
minimum = 3600
[rm-1001-19:~]$ whois ingushetiya.ru
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
domain: INGUSHETIYA.RU
type: CORPORATE
nserver: ns.ingushetiya.ru. 65.23.154.34
nserver: ns4.nic.ru.
nserver: ns8.nic.ru.
state: REGISTERED, DELEGATED
person: Magomed Y Evloev
phone: +7 095 2387940
fax-no: +7 095 2387940
registrar: RUCENTER-REG-RIPN
created: 2001.08.08
paid-till: 2008.08.08
source: TC-RIPN
Last updated on 2007.11.12 20:54:01 MSK/MSD
Server: ns.ingushetiya.ru
Address: 65.23.154.34#53
[rm-1001-19:~]$ nslookup -ty=any ingushetiya.ru ns.ingushetiya.ru
Server: ns.ingushetiya.ru
Address: 65.23.154.34#53
ingushetiya.ru
origin = ns.ingushetiya.ru
mail addr = hostmaster.ns.ingushetiya.ru
serial = 2007040701
refresh = 36000
retry = 3600
expire = 604800
minimum = 86400
ingushetiya.ru nameserver = ns8.nic.ru.
ingushetiya.ru nameserver = ns.ingushetiya.ru.
ingushetiya.ru nameserver = ns4.nic.ru.
ingushetiya.ru mail exchanger = 50 mx.ingushetiya.ru.postman.ru.
Name: ingushetiya.ru
Address: 65.23.154.34
[rm-1001-19:~]$
[rm-1001-19:~]$ nslookup -ty=any ingushetiya.ru ns8.nic.ru
Server: ns8.nic.ru
Address: 193.232.130.14#53
ingushetiya.ru
origin = ns.ingushetiya.ru
mail addr = hostmaster.ns.ingushetiya.ru
serial = 2007040701
refresh = 36000
retry = 3600
expire = 604800
minimum = 86400
ingushetiya.ru nameserver = ns8.nic.ru.
ingushetiya.ru nameserver = ns.ingushetiya.ru.
ingushetiya.ru nameserver = ns4.nic.ru.
Name: ingushetiya.ru
Address: 65.23.154.34
ingushetiya.ru mail exchanger = 50 mx.ingushetiya.ru.postman.ru.
[rm-1001-19:~]$
[rm-1001-19:~]$ nslookup -ty=any ingushetiya.ru 195.161.106.2
Server: 195.161.106.2
Address: 195.161.106.2#53
Non-authoritative answer:
Name: ingushetiya.ru
Address: 65.23.154.34
ingushetiya.ru nameserver = ns8.nic.ru.
ingushetiya.ru nameserver = ns.ingushetiya.ru.
ingushetiya.ru nameserver = ns4.nic.ru.
Authoritative answers can be found from:
ingushetiya.ru nameserver = ns.ingushetiya.ru.
ingushetiya.ru nameserver = ns4.nic.ru.
ingushetiya.ru nameserver = ns8.nic.ru.
[rm-1001-19:~]$
195.161.106.2
Server: 195.161.106.2
Address: 195.161.106.2#53
Non-authoritative answer:
Authoritative answers can be found from:
ingushetiya.ru nameserver = ns.ingushetiya.ru.
ingushetiya.ru nameserver = ns4.nic.ru.
ingushetiya.ru nameserver = ns8.nic.ru.
[rm-1001-19:~]$
[rm-1001-19:~]$ whois 213.59.247.2
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 213.0.0.0 - 213.255.255.255
CIDR: 213.0.0.0/8
NetName: RIPE-213
NetHandle: NET-213-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
RegDate:
Updated: 2005-07-27
# ARIN WHOIS database, last updated 2007-11-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '213.59.247.0 - 213.59.247.255'
inetnum: 213.59.247.0 - 213.59.247.255
netname: ILES-TELEKOM-NET
descr: OOO TELEKOM
descr: 5, Geroev Bresta Str.,
descr: Nazran, Republic of Ingushetia, Russia, 366720
country: RU
admin-c: ID300-RIPE
tech-c: ID300-RIPE
status: ASSIGNED PA
mnt-by: AS8342-MNT
source: RIPE # Filtered
person: Iles Dzaurov
address: OOO TELEKOM
address: 5, Geroev Bresta Str.,
address: Nazran, Republic of Ingushetia, Russia, 366720
phone: +7 8734 553011
fax-no: +7 8734 553011
nic-hdl: ID300-RIPE
source: RIPE # Filtered
% Information related to '213.59.0.0/16AS8342'
route: 213.59.0.0/16
descr: RTCOMM-RU
origin: AS8342
mnt-by: AS8342-MNT
source: RIPE # Filtered
[rm-1001-19:~]$
[rm-1001-19:~]$ traceroute 213.59.247.2
traceroute to 213.59.247.2 (213.59.247.2), 64 hops max, 40 byte packets
1 65.23.129.1 (65.23.129.1) 3.307 ms 0.349 ms 0.257 ms
2 ve5.fr3.phx2.llnw.net (69.28.171.101) 5.763 ms 19.023 ms 2.066 ms
3 tge1-3.fr3.dal.llnw.net (69.28.171.130) 35.873 ms 27.359 ms 27.371 ms
4 tge5-3.fr3.ord.llnw.net (69.28.171.198) 52.528 ms 51.336 ms 51.241 ms
5 ve6.fr4.ord.llnw.net (69.28.172.42) 51.647 ms 51.256 ms 54.816 ms
6 tge11-3.fr3.lga.llnw.net (69.28.171.194) 78.414 ms 78.393 ms 78.555 ms
7 tge1-2.fr3.lon.llnw.net (69.28.171.126) 146.192 ms 146.270 ms 146.221 ms
8 lnd-bgw0-ge0-1-0-102.rt-comm.ru (195.66.224.90) 165.470 ms 167.561 ms 165.551 ms
9 nazran-car0-ml1.rt-comm.ru (195.161.156.10) 270.709 ms 275.524 ms 275.771 ms
10 217.106.22.154 (217.106.22.154) 338.638 ms !X * 360.008 ms !X
[rm-1001-19:~]$
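The comparison carried out by hand in the transcript above, as an added example that is not part of the original page: it parses nslookup answers copied from that transcript and checks each server's A record against the answer from a registered nameserver. The function names and verdict strings are assumptions made for this example.

```python
import re

# nslookup answers copied from the transcript on this page, trimmed to the
# fields the check reads (header, A record, SOA serial, authority marker).
SAMPLES = {
    "ns8.nic.ru": """Address: 193.232.130.14#53
ingushetiya.ru
serial = 2007040701
Name: ingushetiya.ru
Address: 65.23.154.34""",
    "195.161.106.2": """Address: 195.161.106.2#53
Non-authoritative answer:
Name: ingushetiya.ru
Address: 65.23.154.34""",
    "213.59.247.2": """Address: 213.59.247.2#53
Name: ingushetiya.ru
Address: 216.131.77.26
ingushetiya.ru
serial = 9""",
}

def parse(text):
    """Pull the A records, SOA serial and authority marker out of nslookup output."""
    serial = re.search(r"serial = (\d+)", text)
    return {
        # The header line ends in "#53", so it never matches this pattern.
        "a": set(re.findall(r"^Address: ([\d.]+)$", text, re.M)),
        "serial": serial.group(1) if serial else None,
        "authoritative": "Non-authoritative answer" not in text,
    }

def audit(samples, trusted):
    """Compare every server's answer with the one from a registered nameserver."""
    base = parse(samples[trusted])
    report = {}
    for server, text in samples.items():
        got = parse(text)
        if got["a"] == base["a"]:
            report[server] = "ok"
        elif got["authoritative"] and got["serial"] != base["serial"]:
            report[server] = "mismatch, authoritative-style answer with a different SOA serial"
        else:
            report[server] = "mismatch"
    return report

if __name__ == "__main__":
    for server, verdict in audit(SAMPLES, "ns8.nic.ru").items():
        print(server, "->", verdict)
```

The second verdict separates a resolver that answers without the "Non-authoritative answer" marker and carries its own SOA serial, as 213.59.247.2 does in the transcript, from one that merely returns a differing cached answer.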