?
Solved

Weird domain name entries for microsoft.com

Posted on 2006-11-20
5
Medium Priority
?
376 Views
Last Modified: 2011-09-20
When I go to this link and search for google.com or microsoft.com:

http://www.whois.net/whois_new.cgi?d=microsoft&tld=com

I get a lot of strange entries like:

MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

How is this done? And how can I prevent my domain from having the same type of problem?
0
Comment
Question by:eggster34
  • 3
5 Comments
 
LVL 1

Expert Comment

by:data_grrr
ID: 17984559
you can't.

MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

'com' is the top level domain
and somebody has taken the 'gulli ' second level domain.

then this person probably has taken the control of his domain from the domain name seller.

than at his dns server he created the
toplist subdomain
at subdomain
warez subdomain
com subdomain
microsoft subdomain

the second 'com' isn't the top-level domain 'com'.

if its been created in the records of the domain seller's server, maybe you have a chance to warn the company.
0
 
LVL 1

Expert Comment

by:data_grrr
ID: 17984706
also these subdomains shouldn't be listed with whois.. but whois doesn't search your exact term.. and any registrar (there are a lot of registrars now) gives these 'funny' whois information then it must be listed.

actually it isn't the problem of internic.net. if you go to their site

www.internic.net and look the whois info. there
you will see the actual whois records of microsoft.com

now the gulli.com has given extra whois information and this is the problem.

maybe you could warn the 'false'(literally) registrar not to use that information
but this is again not a solution..cos there is actually a
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM on the Internet.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17985035
I've seen this too, my whois runs against crsnic.net (verisign) and returns those same results, but another PC hit's OpenSRS/TuCows for the actual record. I think it might have something to do with a DNS poison, or some misconfiguration... if you do a whois for microsoft.com.net or google.com.net you'll see these same results...
http://www.whois.net/whois_new.cgi?d=microsoft.com&tld=net
http://www.whois.net/whois_new.cgi?d=google.com&tld=net
This is because com.net is Sogo and for some reason whois is searching com.net... weird...
-rich
0
 
LVL 1

Accepted Solution

by:
data_grrr earned 1500 total points
ID: 17985151
no it's not a dns poisoning.. like i said above it's just stupid :)

Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at a.root-servers.net [198.41.0.4]: Got referral to F.GTLD-SERVERS.NET. (zone: com.) [took 7 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns1.gulli.com. (zone: gulli.com.) [took 101 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at ns1.gulli.com. [80.190.192.41]: Reports microsoft.com.warez.at.toplist.gulli.com. [took 200 ms]
microsoft.com.warez.at.toplist.gulli.com.      A      IN      3600      80.190.192.33

ns1.gulli.com just gives its A record for the address.

and both of the addresses are in the same class: A:80.190.192.33 and ns1: 80.190.192.41
which tells me dns zone controlled by the person who put this record in dns.



0
 
LVL 7

Expert Comment

by:killbrad
ID: 17988954
To put this simply, if you own a domain name, you can have as many subdomains with whichever names you please.  For example:

If I owned SUCK.COM, I could make YOU.SUCK.COM, POLITICIANS.SUCK.COM, or even THOSE.COOKIES.YOU.BAKED.LAST.NIGHT.SUCK.COM.

There is no way to stop people from doing this with a domain they own.  

Cheers!
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question