[Gllug] Mail Snooping - was: CNAME in in-addr.arpa ????

[Alain Williams]

On Fri, Oct 24, 2003 at 11:26:18PM +0100, Xander D Harkness wrote:
> Alain Williams wrote:
> 
> >If I go:
> >	host 194.201.169.65
> >I get:
> >	65.169.201.194.in-addr.arpa is an alias for 
> >	65.64.169.201.194.in-addr.arpa.
> >	65.64.169.201.194.in-addr.arpa domain name pointer 
> >	mailhost.pme.co.uk.
> >
> >What is going on here ? How can one IP address be an alias for another (in 
> >DNS at any rate) ???
> >
> >And:
> >	host mailhost.pme.co.uk
> >gives:
> >	mailhost.pme.co.uk has address 194.201.169.65
> >
> >
> >I have never seen this before.
> >
> > 
> >
> Someone has not copied and pasted correctly when creating their zone 
> file :-)
> 
> 65.64.169.201.194.in-addr.arpa.
> 
> When creating 65 they forgot to delete 64.  They should have scripted it :-)
> 
> I would say that it is a munged zone file.

The thing that makes this interesting is the story about how I got the IP address:

1) Big civil rights march on Weds (see link at bottom) - I take lots of pictures
2) Thurs 10:56 I email the URL to a friend (ISP is NTL). Location NOT linked from anywhere
   My mail logs show that the mail went straight to NTL.
3) Thurs 11:34 my site visited from 194.201.169.65, pictures downloaded
4) Thurs 15:14 my friend takes the pictures from an NTL IP address

My friend knows nothing of the facilities management company pme.co.uk that *apparently*
browsed my site from 194.201.169.65.

I doubt that I will ever know who visited my web site. I don't know if the email was snooped
at NTL (via a carnivore machine or something) or was taken en-route to NTL (much more difficult).

Interesting all the same. Some of the conspiracy theories are right !

-- 
Alain Williams

#include <std_disclaimer.h>

FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the
best interests of our children. See http://www.fathers-4-justice.org

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug