[Gllug] Mail Snooping - was: CNAME in in-addr.arpa ????
Alain Williams
addw at phcomp.co.uk
Sat Oct 25 09:45:42 UTC 2003
On Fri, Oct 24, 2003 at 11:26:18PM +0100, Xander D Harkness wrote:
> Alain Williams wrote:
>
> >If I go:
> > host 194.201.169.65
> >I get:
> > 65.169.201.194.in-addr.arpa is an alias for
> > 65.64.169.201.194.in-addr.arpa.
> > 65.64.169.201.194.in-addr.arpa domain name pointer
> > mailhost.pme.co.uk.
> >
> >What is going on here ? How can one IP address be an alias for another (in
> >DNS at any rate) ???
> >
> >And:
> > host mailhost.pme.co.uk
> >gives:
> > mailhost.pme.co.uk has address 194.201.169.65
> >
> >
> >I have never seen this before.
> >
> >
> >
> Someone has not copied and pasted correctly when creating their zone
> file :-)
>
> 65.64.169.201.194.in-addr.arpa.
>
> When creating 65 they forgot to delete 64. They should have scripted it :-)
>
> I would say that it is a munged zone file.
The thing that makes this interesting is the story about how I got the IP address:
1) Big civil rights march on Weds (see link at bottom) - I take lots of pictures
2) Thurs 10:56 I email the URL to a friend (ISP is NTL). Location NOT linked from anywhere
My mail logs show that the mail went straight to NTL.
3) Thurs 11:34 my site visited from 194.201.169.65, pictures downloaded
4) Thurs 15:14 my friend takes the pictures from an NTL IP address
My friend knows nothing of the facilities management company pme.co.uk that *apparently*
browsed my site from 194.201.169.65.
I doubt that I will ever know who visited my web site. I don't know if the email was snooped
at NTL (via a carnivore machine or something) or was taken en-route to NTL (much more difficult).
Interesting all the same. Some of the conspiracy theories are right !
--
Alain Williams
#include <std_disclaimer.h>
FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the
best interests of our children. See http://www.fathers-4-justice.org
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list