Early today, the domains of LinkedIn, a social networking site, were pointing to the IP address 204.11.56.17.
Queried whois.arin.net with "n 204.11.56.17"...
NetRange: 204.11.56.0 - 204.11.59.255
CIDR: 204.11.56.0/22
OriginAS: AS40034
NetName: CONFLUENCE-NETWORKS--TX3
NetHandle: NET-204-11-56-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
Comment: Hosted in Austin TX.
Abuse : abuse@confluence-networks.com
Along with this, Fedility.com was also pointing to the IP address 204.11.56.22, which belongs to confluence-networks.com. However, upon closer inspection, the DNS A record modification is not limited to these two domains. We have counted over 1000 A records for numerous domains which, until a few hours ago, pointed to 204.11.56.17 or 204.11.56.22.
The common factors in all these domains are:
1: These domains were registered by Network Solutions.
2: The IP address in the A records for these domains and their sub-domains is either 204.11.56.17 or 204.11.56.22.
3: The name server is ns1617.ztomy.com. However, it is to be noted that this NS belongs to a different registrar and is primarily used for parking domains.
ns1622.ztomy.com. 172375 IN A 204.11.56.22
ns2622.ztomy.com. 300 IN A 204.11.57.22
ns1617.ztomy.com. 81 IN A 204.11.56.17
This effectively means that the domains in question were pointing to a domain parking address belonging to a different registrar.
How the DNS records of these domains, which incidentally belong to Network Solutions, were altered and made to point to a parking NS is yet to be ascertained.
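The common factors listed above can be turned into a check over resolver output. The following Python sketch is an added example, not code from the original post: it flags any name whose A record falls inside the 204.11.56.0/22 allocation shown in the whois output (a generalization beyond the two addresses named) or whose NS sits under ztomy.com. The example.* records are constructed sample input, not domains observed in the incident.

```python
import ipaddress
from collections import defaultdict

# Indicators taken from the post: the A-record targets sit in this ARIN
# allocation, and the delegations pointed at name servers under ztomy.com.
PARKING_NET = ipaddress.ip_network("204.11.56.0/22")
PARKING_NS_SUFFIX = ".ztomy.com."

# Constructed sample input in dig answer format (name TTL class type rdata).
# The example.* names are placeholders, not domains seen in the incident.
SAMPLE = """\
example.com.        300   IN  NS  ns1617.ztomy.com.
example.com.        300   IN  A   204.11.56.17
www.example.com.    300   IN  A   204.11.56.17
example.net.        3600  IN  NS  ns1.example.net.
example.net.        3600  IN  A   192.0.2.10
example.org.        300   IN  A   204.11.56.22
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from dig-style answer lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue  # skip blanks, comments and non-IN lines
        yield fields[0].lower(), fields[3].upper(), fields[4].lower()

def find_parked(text):
    """Map each owner name to the reasons it matches the post's indicators."""
    hits = defaultdict(list)
    for owner, rtype, rdata in parse_records(text):
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue  # malformed rdata
            if addr in PARKING_NET:
                hits[owner].append(f"A {rdata} in {PARKING_NET}")
        elif rtype == "NS":
            target = rdata.rstrip(".") + "."  # tolerate a missing root dot
            if target.endswith(PARKING_NS_SUFFIX):
                hits[owner].append(f"NS {target}")
    return dict(hits)

if __name__ == "__main__":
    for name, reasons in sorted(find_parked(SAMPLE).items()):
        print(name, "->", "; ".join(reasons))
```

Run against periodic snapshots of your own zones, a non-empty result is a signal that a delegation or A record has moved to the parking infrastructure described in the post.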
[UPDATE]
Confluence Networks has issued a statement, which essentially points towards the most dreaded of all – THE HUMAN ERROR. You may read the statement over here.
[FINAL UPDATE]
Network Solutions has finally broken the silence; you may read their side of the story over here. However, this explanation by Network Solutions has instead raised a few more questions.