Solved

Weird domain name entries for microsoft.com

Posted on 2006-11-20
5
351 Views
Last Modified: 2011-09-20
When I go to this link and search for google.com or microsoft.com:

http://www.whois.net/whois_new.cgi?d=microsoft&tld=com

I get a lot of strange entries like:

MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

How is this done? And how can I prevent my domain from having the same type of problem?
0
Comment
Question by:eggster34
  • 3
5 Comments
 
LVL 1

Expert Comment

by:data_grrr
ID: 17984559
you can't.

MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

'com' is the top level domain
and somebody has taken the 'gulli ' second level domain.

then this person probably has taken the control of his domain from the domain name seller.

than at his dns server he created the
toplist subdomain
at subdomain
warez subdomain
com subdomain
microsoft subdomain

the second 'com' isn't the top-level domain 'com'.

if its been created in the records of the domain seller's server, maybe you have a chance to warn the company.
0
 
LVL 1

Expert Comment

by:data_grrr
ID: 17984706
also these subdomains shouldn't be listed with whois.. but whois doesn't search your exact term.. and any registrar (there are a lot of registrars now) gives these 'funny' whois information then it must be listed.

actually it isn't the problem of internic.net. if you go to their site

www.internic.net and look the whois info. there
you will see the actual whois records of microsoft.com

now the gulli.com has given extra whois information and this is the problem.

maybe you could warn the 'false'(literally) registrar not to use that information
but this is again not a solution..cos there is actually a
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM on the Internet.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17985035
I've seen this too, my whois runs against crsnic.net (verisign) and returns those same results, but another PC hit's OpenSRS/TuCows for the actual record. I think it might have something to do with a DNS poison, or some misconfiguration... if you do a whois for microsoft.com.net or google.com.net you'll see these same results...
http://www.whois.net/whois_new.cgi?d=microsoft.com&tld=net
http://www.whois.net/whois_new.cgi?d=google.com&tld=net
This is because com.net is Sogo and for some reason whois is searching com.net... weird...
-rich
0
 
LVL 1

Accepted Solution

by:
data_grrr earned 500 total points
ID: 17985151
no it's not a dns poisoning.. like i said above it's just stupid :)

Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at a.root-servers.net [198.41.0.4]: Got referral to F.GTLD-SERVERS.NET. (zone: com.) [took 7 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns1.gulli.com. (zone: gulli.com.) [took 101 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at ns1.gulli.com. [80.190.192.41]: Reports microsoft.com.warez.at.toplist.gulli.com. [took 200 ms]
microsoft.com.warez.at.toplist.gulli.com.      A      IN      3600      80.190.192.33

ns1.gulli.com just gives its A record for the address.

and both of the addresses are in the same class: A:80.190.192.33 and ns1: 80.190.192.41
which tells me dns zone controlled by the person who put this record in dns.



0
 
LVL 7

Expert Comment

by:killbrad
ID: 17988954
To put this simply, if you own a domain name, you can have as many subdomains with whichever names you please.  For example:

If I owned SUCK.COM, I could make YOU.SUCK.COM, POLITICIANS.SUCK.COM, or even THOSE.COOKIES.YOU.BAKED.LAST.NIGHT.SUCK.COM.

There is no way to stop people from doing this with a domain they own.  

Cheers!
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A short film showing how OnPage and Connectwise integration works.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now