The Mossad takeover of popular Webmail
It turns out that the output of a whois query is dependent on the
specifics of the whois version used. Ain't that strange? In the below
reports i used the Mandriva Linux 2007.0 version of whois,
whois-4.7.13-1mdk :
[jackson:stock]:(~)$ rpm -q -i whois-4.7.13-1mdk
Name : whois Relocations: /usr
Version : 4.7.13 Vendor: (none)
Release : 1mdk Build Date: Sat 15 Apr 2006 02:07:42 AM CEST
Install Date: Tue 07 Nov 2006 04:36:18 AM CET Build Host: jackson.stokkie.net
Group : Networking/Other Source RPM: whois-4.7.13-1mdk.src.rpm
Size : 432712 License: GPL
Signature : (none)
URL : http://www.linux.it/~md/software/
Summary : Enhanced WHOIS client
Description :
This is a new whois (RFC 954) client rewritten from scratch.
It is derived from and compatible with the usual BSD and RIPE whois(1)
programs.
It is intelligent and can automatically select the appropriate whois
server for most queries.
[jackson:stock]:(~)$
When checking with http://www.linux.it/~md/software/ one is referred to :
http://ftp.debian.org/debian/pool/main/w/whois/
But ehh, how strange, whois-4.7.13.tar.gz is not listed there anymore.
More specific, a whole range of whois versions from 2006 and 2005 have
been removed. That is all versions between whois-4.7.5 and whois-4.7.20.
It turns out that most people on my local linux maillinglist could not
reproduce the below whois query's and got only a single whois server listed.
For yahoo.com they then only got whois.markmonitor.com as a valid answer.
So whats going on here?
A renewed installation of whois with urpmi
on Mandriva Linux 2007.0 using a online Mandriva RPM archive
still resulted in the same whois version, whois-4.7.13-1mdk.i586.rpm
and is still able to reproduce the results below. whois-4.7.13-1mdk
has been updated to whois-4.7.13-2mdk which contains updated references
to new IP assignments. See the downloads
below for a whois binary for your OS. whois.exe is Whois 2.5 from
nsauditor.com. This win32 edition doesn't show all the details, but does
show if compromised whois server records are added.
Date: Tue, 19 Jun 2007 07:58:12 +0200 (CEST)
From: "Robert M. Stockmann"
To: cloak.dagger@gmail.com, lennybloom@gmail.com,
stefangrossmann@t-online.de, too@slingshot.co.nz,
skolnick@ameritech.net, eric@vaticanassassins.org,
tips@infowars.com, tarpley@tarpley.net, tom@tomflocco.com>,
takingaim@pacbell.net, stewwebb@sierranv.net,
prophecy@texemarrs.com, webmaster@rense.com,
wmreditor@waynemadsenreport.com, captainmay@prodigy.net,
palast@gregpalast.com, henry@savethemales.ca,
chamish@netvision.net.il, smith@iamthewitness.com,
crescentandcross@gmail.com, articles@davidicke.com
Subject: URGENT : The Mossad takeover of Email and Websites
Message-ID:
MIME-Version: 1.0
Hi,
Do not become offended if your popular email adress ending with
@hotmail.com,
@aol.com,
@yahoo.com,
is skipped from this small email list. There's a very simple
reason for this, as a whois of these three domains will show ;
WHOIS HOTMAIL.COM : TAKENOVER BY THE MOSSAD
========================================================================
[jackson:stock]:(~)$ whois hotmail.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: HOTMAIL.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.211
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Server Name: HOTMAIL.COM.IS.N0T.AS.1337.AS.GULLI.COM
IP Address: 80.190.192.24
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net
Server Name: HOTMAIL.COM.IS.HOSTED.ON.PROFITHOSTING.NET
IP Address: 66.49.213.213
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Server Name: HOTMAIL.COM.BR
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: HOTMAIL.COM.AU
Registrar: WILD WEST DOMAINS, INC.
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Domain Name: HOTMAIL.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.MSFT.NET
Name Server: NS2.MSFT.NET
Name Server: NS3.MSFT.NET
Name Server: NS4.MSFT.NET
Name Server: NS5.MSFT.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 13-oct-2006 ==========
Creation Date: 27-mar-1996
Expiration Date: 28-mar-2014
WHOIS AOL.COM : TAKENOVER BY THE MOSSAD
========================================================================
[jackson:stock]:(~)$ whois aol.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: AOL.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.197
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Server Name: AOL.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: AOL.COM.IS.N0T.AS.1337.AS.GULLI.COM
IP Address: 80.190.192.24
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net
Server Name: AOL.COM.IS.0WNED.BY.SUB7.NET
IP Address: 216.78.25.45
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Server Name: AOL.COM.AINT.GOT.AS.MUCH.FREE.PORN.AS.SECZ.COM
IP Address: 209.187.114.133
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Domain Name: AOL.COM
Registrar: AMERICA ONLINE, INC. DBA AOL AND/OR COMPUSERVE-AOL
Whois Server: whois.registrar.aol.com
Referral URL: http://www.registrar.aol.com
Name Server: DNS-01.NS.AOL.COM
Name Server: DNS-02.NS.AOL.COM
Name Server: DNS-06.NS.AOL.COM
Name Server: DNS-07.NS.AOL.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 24-oct-2006 =================
Creation Date: 22-jun-1995
Expiration Date: 23-nov-2007
WHOIS YAHOO.COM : TAKENOVER BY THE MOSSAD
========================================================================
[jackson:stock]:(~)$ whois yahoo.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.196
Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
Whois Server: whois.itsyourdomain.com
Referral URL: http://www.itsyourdomain.com
Server Name: YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
IP Address: 217.107.217.167
Registrar: ONLINENIC, INC.
Whois Server: whois.OnlineNIC.com
Referral URL: http://www.OnlineNIC.com
Server Name: YAHOO.COM.VN
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Server Name: YAHOO.COM.VIRGINCHASSIS.COM
IP Address: 66.218.71.205
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.UNIQUELYUJEWELS.COM
IP Address: 66.218.71.205
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: YAHOO.COM.TWIXTEARS.COM
IP Address: 66.218.71.205
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.TW
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Server Name: YAHOO.COM.SG
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.OPTIONSCORNER.COM
IP Address: 66.218.71.205
Registrar: NAMESDIRECT.COM, INC.
Whois Server: whois.namesdirect.com
Referral URL: http://www.namesdirect.com
Server Name: YAHOO.COM.MX
Registrar: DIRECT INFORMATION PVT LTD D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Server Name: YAHOO.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: YAHOO.COM.JOSEJO.COM
IP Address: 66.218.71.205
Registrar: NAMESDIRECT.COM, INC.
Whois Server: whois.namesdirect.com
Referral URL: http://www.namesdirect.com
Server Name: YAHOO.COM.JENNINGSASSOCIATES.NET
IP Address: 66.218.71.205
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.IS.N0T.AS.1337.AS.SEARCH.GULLI.COM
IP Address: 80.190.192.24
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net
Server Name: YAHOO.COM.HK
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: YAHOO.COM.ELPOV.COM
IP Address: 66.21.71.205
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.DALLARIVA.COM
IP Address: 66.218.71.205
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.CHRISIMAMURAPHOTOWORKS.COM
IP Address: 66.218.71.205
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: YAHOO.COM.BR
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: YAHOO.COM.BGPETERSON.COM
IP Address: 66.218.71.205
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: YAHOO.COM.AU
Registrar: WILD WEST DOMAINS, INC.
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Domain Name: YAHOO.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.YAHOO.COM
Name Server: NS2.YAHOO.COM
Name Server: NS3.YAHOO.COM
Name Server: NS4.YAHOO.COM
Name Server: NS5.YAHOO.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 22-jul-2005 ========================
Creation Date: 18-jan-1995
Expiration Date: 19-jan-2012
WHOIS GMAIL.COM : STILL OK, AS OF Tue Jun 19 07:47:50 CEST 2007
========================================================================
[jackson:stock]:(~)$ whois gmail.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: GMAIL.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 10-apr-2006
Creation Date: 13-aug-1995
Expiration Date: 12-aug-2014
Registrant:
Google Inc. (DOM-425410)
Please contact gmail-abuse@google.com 1600 Amphitheatre Parkway Mountain View CA 94043 US
Domain Name: gmail.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
Administrative Contact:
DNS Admin (NIC-1467103) Google Inc.
1600 Amphitheatre Parkway Mountain View CA 94043 US
dns-admin@google.com +1.6502530000 Fax- +1.6506188571
Technical Contact, Zone Contact:
DNS Admin (NIC-1467103) Google Inc.
1600 Amphitheatre Parkway Mountain View CA 94043 US
dns-admin@google.com +1.6502530000 Fax- +1.6506188571
Created on..............: 1995-Aug-13.
Expires on..............: 2014-Aug-12.
Record last updated on..: 2006-Dec-29 18:36:05.
Domain servers in listed order:
NS1.GOOGLE.COM
NS2.GOOGLE.COM
NS3.GOOGLE.COM
NS4.GOOGLE.COM
Please warn your friends who use AOL.COM, YAHOO.COM or HOTMAIL.COM for
email to take appropiate measures regarding your EMAIL communications,
SOON !!!!!!
Best Regards,
Robert
PS. I am not affiliated to GMAIL or GOOGLE in any way by name, relation,
business, friendship, marriage or whatever way one can imagine.
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
MOSSAD takes over MOSNEWS.COM
Date: Tue, 19 Jun 2007 08:27:56 +0200 (CEST)
From: "Robert M. Stockmann"
To: cloak.dagger@gmail.com, lennybloom@gmail.com,
stefangrossmann@t-online.de, too@slingshot.co.nz,
skolnick@ameritech.net, eric@vaticanassassins.org,
tips@infowars.com, tarpley@tarpley.net, tom@tomflocco.com,
takingaim@pacbell.net, stewwebb@sierranv.net,
prophecy@texemarrs.com, webmaster@rense.com,
wmreditor@waynemadsenreport.com, captainmay@prodigy.net,
palast@gregpalast.com, henry@savethemales.ca,
chamish@netvision.net.il, smith@iamthewitness.com,
crescentandcross@gmail.com, articles@davidicke.com
Subject: MOSSAD takes over MOSNEWS.COM
Message-ID:
MIME-Version: 1.0
Hi,
The MOSSAD has takenover the popular website MOSNEWS.COM, which had
tons of info on the Russian Oligarchs :
[jackson:stock]:(~)$ whois mosnews.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: MOSNEWS.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: DNS10.REGISTER.COM
Name Server: DNS9.REGISTER.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 30-apr-2007
Creation Date: 09-oct-2003
Expiration Date: 09-oct-2007
Registrant:
Eric Wolf
Eric Wolf
Slomtzion Ha-Malcha 24
Hertzelia, IL 46662
IL
Email: wolf.extreme@gmail.com
Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com
Domain Name: mosnews.com
Created on..............: Thu, Oct 09, 2003
Expires on..............: Tue, Oct 09, 2007
Record last updated on..: Wed, Feb 21, 2007
Administrative Contact:
Eric Wolf
Eric Wolf
Slomtzion Ha-Malcha 24
Hertzelia, IL 46662
IL
Phone: 972546236249
Email: wolferic@mac.com
Technical Contact:
Register.Com
Domain NULL Registrar
575 8th Avenue
New York, NY 10018
US
Phone: 902-749-2701
DNS Servers:
dns10.register.com
dns9.register.com
[jackson:stock]:(~)$ nslookup www.mosnews.com
Server: 10.0.18.71
Address: 10.0.18.71#53
Non-authoritative answer:
Name: www.mosnews.com
Address: 67.19.18.66
[jackson:stock]:(~)$ whois 67.19.18.66
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
So the former valuable website MOSNEWS.COM is currently hosted
somewhere in Dallas, TX, under auspicious rendition by :
Eric Wolf
Eric Wolf
Slomtzion Ha-Malcha 24
Hertzelia, IL 46662
IL
Email: wolf.extreme@gmail.com
Mr. Wolf (a family member of former Stasi DDR Spymaster Markus Wolf?)
sure knew NOT to use email from aol.com, yahoo.com or hotmail.com. I
came to this remarkable insight after checking some links again on the
webpage :
"Russian Israeli duel for power, oil and dirty cash"
http://crashrecovery.org/fischer/
in particular :
[7] "Campaign Against the Oligarchs", Updated: 23.09.2005 21:36 MSK
http://www.mosnews.com/mn-files/oligarchs.shtml
[8] "Boris Berezovsky", Updated: 31.10.2006 12:24 MSK
http://www.mosnews.com/mn-files/berezovsky.shtml
To visit archived copies of these pages :
[7] "Campaign Against the Oligarchs", Updated: 23.09.2005 21:36 MSK
http://web.archive.org/web/20051121014913/http://www.mosnews.com/mn-files/oligarchs.shtml
[8] "Boris Berezovsky", Updated: 31.10.2006 12:24 MSK
http://web.archive.org/web/20051215132641/http://www.mosnews.com/mn-files/berezovsky.shtml
Checking Google for
http://www.google.com/search?hl=en&q=Eric+Wolf%0D%0AMosnews&btnG=Google+Search
shows this :
Whatever happened to the WTC HARD-DRIVE recoveries? - Forums ...
You posting anymore lies about DNS entries and who owns MOSNEWS?
... Eric Wolf Slomtzion Ha-Malcha 24 Hertzelia, IL 46662 IL Phone:
972546236249 ...
www.libertyforum.org/showflat.php?Cat=&
Board=news_crime&Number=1245955&page=0&view=collap... - 92k -
Cached - Similar pages
"seraphina
(rebel)
12/29/06 05:46 PM
Re: Whatever happened to the WTC HARD-DRIVE recoveries? [ To:
Aeryn_Sun | Post 295155565, reply to 295062100 ] (Score: 2)
We must deal with Lie #25 from Aeryn_Sun:
The anally-obsessed Jew sex pest, writes:
Quote:
You posting anymore lies about DNS entries and who owns MOSNEWS?
You don't even know how to obtain and read a DNS entry:
Quote:
$ whois mosnews.com
[Querying whois.internic.net]
[Redirected to whois.register.com]
[Querying whois.register.com]
[whois.register.com]
Domain Name: MOSNEWS.COM
Created on..............: Thu, Oct 09, 2003
Expires on..............: Tue, Oct 09, 2007
Record last updated on..: Wed, Jul 05, 2006
Organization:
Eric Wolf
Slomtzion Ha-Malcha 24
Hertzelia, IL 46662
IL
Phone: 972546236249
Email: wolferic@mac.com
Administrative Contact:
Eric Wolf
Slomtzion Ha-Malcha 24
Hertzelia, IL 46662
IL
Phone: 972546236249
Email: wolferic@mac.com
Domain servers in listed order:
DNS9.REGISTER.COM 216.21.234.75
DNS10.REGISTER.COM 216.21.226.75
The admin contact for the MOSNEWS.COM domain is some yhid from
Herzelia, Israel.
End of Story, you devious piece of Jewish shit. "
Regards,
Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
Re: MOSSAD takes over MOSNEWS.COM
From: Greg Hallett
Subject: Re: MOSSAD takes over MOSNEWS.COM
Date: Tue, 19 Jun 2007 20:46:25 +1200
To: Robert M. Stockmann
X-Mailer: Apple Mail (2.752.3)
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 (ftp://crashrecovery.org/pub/linux/amavis/)
X-Status:
X-Keywords:
Robert,
Russia has been one big Jewish Olig since 1917.
As you know the Russian Revolution was a Jewish takeover of Russia,
which then spread communism, socialism and totalitarianism over the
Western World
and formed the basis of the Cold War enemy, while Israel ran the
Cold War from other Jewlands, like London, New York Washington,
and other places the Israelis were occupying, like Fiordland, in the
South Island of New Zealand.
Putin has been a Zionist for a long time, at least since 1980 when he
was running
the Trawler Wars in and around New Zealand with the goal to launch a
nuclear strike on Taupo in the North Island of New Zealand.
The Wairakei Geothermal Power Station, 20 km north of Taupo was
producing all the heavy water for the Western World
from 1961 to around 1972 and was still on their nuclear hit list in
2002.
The NZSIS base was Flight's Camp, just around the corner.
While in Wellington, Putin was getting his information off Helen
Clark and Margaret Wilson, both KGB agents.
They are now the Prime Minister and Speaker of the House of Parliament.
So it's no wonder an Israeli secret service has taken over Moscow
News/Mossad News.
No doubt this would have occurred with complete Putin complicity.
After all, it was Jewish bankers who put Putin in power by allowing
Yeltsin to steal some US$1 billion or more,
have this 'discovered' then have Yeltsin call Putin for help.
Putin then bargained to help Yeltsin in exchange for the presidency
before the end of 1999.
Yeltsin complied, at the last moment, on 31 December 1999 . . . and
the rest of Russian history is Zionist history.
Not that the previous 83 years wasn't Zionist history also.
When you look at wars now, you have to look at what hand the Jews had
in it,
and there are few notable wars without their involvement.
"Anti-Semitism" is the Jewish version of an 'eccumenical slap on the
wrist'.
It is an empowered word designed to work like "excommunication for
raising the paedophile issue".
Both are warranted . . . so its good to expose Catholic paedophiles
and its good to expose the wrongdoings of Jews and of Israel . . .
So when one is 'excommunicated' and labeled 'anti-Semitic', one
should feel proud,
just as one should feel proud to be 'homophobic', if indeed, they are
homophobic.
Since the Jews own so much of the media, most say it's bad to be
'anti-Semitic' as a way of keeping their jobs secure.
I have certainly found, that in writing history', if you are prepared
to be anti-Semitic, you can write the truth about history.
The truth of the 20th century has not been told, because the
historians weren't prepared to write anything negative about Jews.
Since the Jews were so thoroughly involved in creating WWII and the
Cold War,
misnamed 'anti-Semitic' writers can now write the truth, and feel
proud about it.
So, in the name of 'truth',
let's disempower the word "anti-Semitic" and write how things really
went down,
only not in Russia,
as the Mossad own MosNews,
so the chances of getting this message over their wireless are all
but lost,
once again.
I think the public should know that Putin is a Zionist,
and that he is not acting in the best interests of Russia, but in the
best interests of Jewish interests in Russia . . .
and Russian politics over the last 100 years can best be described as
lies upon lies, upon lies, upon lies, and only the best liars reach
the top.
So at the top of Russia is another Zionist liar, and his name is
Vladimir Putin.
Remind me why Putin doesn't disclose where he was 1980-82?
King regards,
Greg Hallett
High Alert, good websites get taken down
Date: Tue, 8 Jan 2008 22:23:31 +0100 (CET)
From: "Robert M. Stockmann"
To: stewwebb@sierranv.net, stefangrossmann@t-online.de,
too@slingshot.co.nz, wmreditor@waynemadsenreport.com,
palast@gregpalast.com, tom@tomflocco.com, skolnick@ameritech.net,
henry@savethemales.ca, leurenmoret@yahoo.com,
prophecy@texemarrs.com, smith@iamthewitness.com,
eric@iamthewitness.com, captainmay@prodigy.net,
tarpley@tarpley.net, takingaim@pacbell.net, webmaster@rense.com,
articles@davidicke.com, chamish@netvision.net.il,
michaelcollinspiper1960@yahoo.com, crescentandcross@gmail.com,
tips@infowars.com, cloak.dagger@gmail.com, lennybloom@gmail.com,
eric@vaticanassassins.org, email@spirituallysmart.com,
deadlinelive@yahoo.com, alanwattcuttingthrough@yahoo.com,
Tillawi@currentissues.tv
Subject: High Alert, good websites get taken down
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Status: RO
X-Status:
X-Keywords:
Hi,
Here's one :
http://www.staatsbriefe.de/
This website is gone. How did i came across that? Check your favorite
webpages frequently, like this one :
"OPERATION CYANIDE"
http://www.wakeupfromyourslumber.com/node/1948
And check for missing pictures. Apparently this picture is gone :
http://www.staatsbriefe.de/1994/bilder/cyanide.jpg
But also this picture is gone :
http://www.talkingproud.us/ImagesHistory/LBJVietnamPhotos/Helms.jpg
From http://web.archive.org/web/20061125013154/www.staatsbriefe.de/start.htm
goto to the bottom and click on "VERWEISE" (links) :
http://www.klaus-krusche.de/
Unabhängiger Online-Publizist
Well he's gone too, what's next :
http://www.johnkaminski.com/
Unabhängiger Online-Publizist (USA)
Yep, John Kaminski has been stripped of his .com domain also.
Anyone who has heard from John Kaminski recently?
http://www.americanfreepress.net/
US-Zeitung, die sich nicht zum Mainstream zählt.
Well they are still here today. But it seems some nasty crap, annihilating
_INDEPENDENT_ reporting, is happening as we speak. So what's left today?
I'm getting a little sick and tired of that hyped up Ron Paul campaign.
The guy tells some good things, but he omits certain key issues. STOP
recycling that Ron Paul stuff, it will kill all your last working brain
cells. I'm not gonna listen for another 9 months to all this Ron Paul
Campaganda when the elections are only in November 2008. Sure go ahead,
elect the guy, but it takes more as one guy to clean up Washington D.C.
Cheers,
Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
A renewed reading of John Kaminksi's interesting blog articles comes highly
recommended. His last published article is
part III: Who Are They?" of a series titled Mindlock. In it Kaminski
identifies the real hazards and dangers whom a Unabhängiger Online-Publizist can expect. From my own experience i can only admit that Kaminksi
was right on the money. Interesting enough after
Kaminski's
Internet Essays were pulled down, running a blogsite became the new
game in town.
Cloak and Dagger under blackbox routing attack
Date: Tue, 15 May 2007 12:27:30 +0200 (CEST)
From: "Robert M. Stockmann"
To: cloak.dagger@gmail.com, lennybloom@gmail.com,
stefangrossmann@t-online.de, too@slingshot.co.nz,
skolnick@ameritech.net, eric@vaticanassassins.org,
tips@infowars.com, prisonplanetweb@hotmail.com,
tarpley@tarpley.net, tom@tomflocco.com, takingaim@pacbell.net,
stewwebb@sierranv.net, prophecy@texemarrs.com,
deadlinelive@yahoo.com, webmaster@rense.com,
wmreditor@waynemadsenreport.com, captainmay@prodigy.net,
palast@gregpalast.com, henry@savethemales.ca,
leurenmoret@yahoo.com, michaelcollinspiper1960@yahoo.com,
chamish@netvision.net.il, smith@iamthewitness.com
Subject: Cloak and Dagger under blackbox routing attack
In-Reply-To: <291a79940705142228t5b24f1a2y5a2a73c052b44575@mail.gmail.com>
Message-ID:
MIME-Version: 1.0
Hi,
It seems that a couple of very nasty backbone router goons have
recently aquired the capabilities of blackbox routing manipulation.
These 'goons' turn out to be NOT your nextdoor hacker wannabee's, but
are merely organized crime Corporations with full access and control of
large IP-NETWORKS comprising A and B CLASS ip-ranges, which turn out to
be in use at the most important backbone Global IP-ROUTING and ATM
SWITCHING Internet Exchange Point's.
In the below presented case they are found present at the Amsterdam
(AMS-IX) Internet Exchange Point [1], and The Pan American (PAIX)
Internet Exchange Point in New York, MAE-East [2], and the Frankfurt
Internet Exchange (F-IX) [3], and obviously the Toronto Internet
Exchange (TorIX) [4] :
[1] Amsterdam : http://www.ams-ix.net/
[2] New York : http://www.paix.net/
http://www.mae.net/fac/mae-east.htm
http://en.wikipedia.org/wiki/MAE-East
[3] Frankfurt : http://www.de-cix.net/
http://www.franap.net/
http://www.kleyrex.net/
[4] Toronto : http://www.torix.net/
>From stock@stokkie.net Tue May 15 01:21:51 2007 +0200
Date: Tue, 15 May 2007 01:21:50 +0200 (CEST)
From: "Robert M. Stockmann"
To: noc@cogentco.com, abuse@cogentco.com, ipalloc@cogentco.com
cc: cloak.dagger@gmail.com, lennybloom@gmail.com, stewwebb@sierranv.net,
tom@tomflocco.com, stefangrossmann@t-online.de,
too@slingshot.co.nz, eric@vaticanassassins.org
Subject: [ABUSE] PSI/COGENTCO blackbox routing harassment
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Sent by EMAIL and FAX
Cogent Communications/
Performance Systems International
1015 31ST ST NW
WASHINGTON, DC 20007-4406
USA
tel: +1 202-295-4200
fax: +1 202-338-8798
noc@cogentco.com, abuse@cogentco.com, ipalloc@cogentco.com.
Subject : [ABUSE] PSI/COGENTCO blackbox routing harassment
Dear Network Operators,
After further investigation, it's straightforward evident to me that
the web-server hosting of www.cloakanddagger.de (213.68.215.8) is
severely compromised. In previous months www.cloakanddagger.de simply
was blocked, hacked or put offline.
This time "they" (Orca Associates?) have installed/(or hired?) a more
sophisticated team of "Certified Ethical Hacker's" (www.eccouncil.org)??
Well so it seems to me. I did some traceroute's and added a new tool
called tcptraceroute, which does the same as traceroute but uses the
more commonly used tcp port 80 (http), which needs to be open for
webservers.
I did a traceroute and tcptraceroute (on port 80) from my own ADSL at
home, and at a ADSL located at a customer of my company Stockmann
Automatisering :
Traceroute at home :
------------------------------------------------------------------------
[jackson:root]:(~)# traceroute www.cloakanddagger.de
traceroute to www.cloakanddagger.de (213.68.215.8), 30 hops max, 46 byte packets
1 hubble (10.0.18.72) 0.264 ms 0.162 ms 0.500 ms
2 1-28.bbned.dsl.internl.net (82.215.28.1) 10.272 ms 9.615 ms 9.560 ms
3 ge1-1.xr1.nik-asd.internl.net (217.149.196.33) 10.090 ms 9.804 ms 10.184
ms
4 v265.mpd01.ams03.atlas.cogentco.com (130.117.242.149) 10.529 ms 10.500 ms
10.086 ms
5 t4-2.mpd01.ams03.atlas.cogentco.com (130.117.2.65) 10.600 ms 10.515 ms 10
.618 ms
6 t2-0-0.core01.ams03.atlas.cogentco.com (130.117.0.33) 88.223 ms 88.544 ms
87.917 ms
7 p1-0.core01.lon01.atlas.cogentco.com (130.117.1.225) 90.183 ms 90.200 ms
90.166 ms
8 t1-4.mpd02.lon01.atlas.cogentco.com (130.117.1.74) 18.502 ms 18.128 ms 18
.164 ms
9 * t8-1.mpd03.jfk02.atlas.cogentco.com (66.28.4.41) 90.459 ms 89.883 ms
10 v3491.mpd01.jfk05.atlas.cogentco.com (154.54.7.10) 93.609 ms 93.857 ms 93
.433 ms
11 g13-0-0.core01.jfk05.atlas.cogentco.com (154.54.1.154) 87.876 ms 87.863 ms
87.892 ms
12 uunet.jfk05.atlas.cogentco.com (154.54.12.182) 94.153 ms 94.103 ms 93.367
ms
13 0.so-2-3-0.XL3.NYC4.ALTER.NET (152.63.3.154) 92.895 ms 92.519 ms 93.331 m
s
14 0.so-2-0-0.IL1.NYC9.ALTER.NET (152.63.9.241) 93.415 ms 93.025 ms 93.846 m
s
15 0.so-1-0-0.IR1.NYC12.ALTER.NET (152.63.23.62) 93.667 ms 93.365 ms 93.622
ms
16 so-7-0-0.TR1.FFT1.ALTER.NET (146.188.15.217) 183.575 ms 183.011 ms 183.53
0 ms
17 so-4-0-0.XR1.FFT4.ALTER.NET (146.188.3.110) 179.571 ms 179.640 ms 179.597
ms
18 POS0-0-0.GW11.FFT4.ALTER.NET (149.227.22.6) 184.289 ms 184.049 ms 184.540
ms
19 Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118) 185.225 ms 185.001 ms 184.7
79 ms
20 * * *
21 * * *
22 * * *
[jackson:root]:(~)#
TCPTraceroute at home :
------------------------------------------------------------------------
[jackson:root]:(~)# tcptraceroute www.cloakanddagger.de
Selected device eth0, address 10.0.18.71, port 33807 for outgoing packets
Tracing the path to www.cloakanddagger.de (213.68.215.8) on TCP port 80 (http),
30 hops max
1 10.0.18.72 0.280 ms 0.328 ms 0.485 ms
2 1-28.bbned.dsl.internl.net (82.215.28.1) 10.470 ms 9.811 ms 9.582 ms
3 ge1-1.xr1.nik-asd.internl.net (217.149.196.33) 10.305 ms 9.894 ms 10.597
ms
4 v265.mpd01.ams03.atlas.cogentco.com (130.117.242.149) 9.790 ms 10.114 ms
9.878 ms
5 t4-2.mpd01.ams03.atlas.cogentco.com (130.117.2.65) 10.502 ms 10.601 ms 10
.204 ms
6 t2-0-0.core01.ams03.atlas.cogentco.com (130.117.0.33) 88.019 ms 88.085 ms
88.399 ms
7 p1-0.core01.lon01.atlas.cogentco.com (130.117.1.225) 89.858 ms 89.793 ms
89.682 ms
8 t1-4.mpd02.lon01.atlas.cogentco.com (130.117.1.74) 23.749 ms 18.408 ms 18
.458 ms
9 t8-1.mpd03.jfk02.atlas.cogentco.com (66.28.4.41) 90.349 ms 89.573 ms 91.1
02 ms
10 v3491.mpd01.jfk05.atlas.cogentco.com (154.54.7.10) 93.584 ms 93.477 ms 93
.807 ms
11 g13-0-0.core01.jfk05.atlas.cogentco.com (154.54.1.154) 87.632 ms 87.350 ms
87.623 ms
12 uunet.jfk05.atlas.cogentco.com (154.54.12.182) 93.800 ms 94.339 ms 93.819
ms
13 0.so-2-1-0.XL3.NYC4.ALTER.NET (152.63.3.150) 93.579 ms 93.458 ms 92.840 m
s
14 0.so-2-0-0.IL1.NYC9.ALTER.NET (152.63.9.241) 93.548 ms 93.528 ms 92.994 m
s
15 0.so-1-0-0.IR1.NYC12.ALTER.NET (152.63.23.62) 94.627 ms 93.224 ms 93.078
ms
16 so-7-0-0.TR1.FFT1.ALTER.NET (146.188.15.217) 183.230 ms 182.705 ms 183.01
2 ms
17 so-0-1-0.XR1.FFT4.ALTER.NET (146.188.8.133) 178.609 ms 177.607 ms 178.047
ms
18 POS0-0-0.GW11.FFT4.ALTER.NET (149.227.22.6) 201.967 ms 199.097 ms 200.252
ms
19 Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118) 184.728 ms 184.591 ms 184.6
92 ms
20 * * *
21 213.68.215.8 [open] 184.966 ms 184.823 ms 185.730 ms
[jackson:root]:(~)#
Traceroute at customer :
------------------------------------------------------------------------
[mail:root]:(~)# traceroute www.cloakanddagger.de
traceroute to www.cloakanddagger.de (213.68.215.8), 30 hops max, 38 byte packets
1 sdsllan (194.123.233.249) 0.348 ms 0.279 ms 0.293 ms
2 gv-dc2-ias-ard11.nl.kpn.net (62.12.4.26) 7.908 ms 5.360 ms 5.365 ms
3 gv-dc2-ipc-cr02.nl.kpn.net (195.190.232.74) 9.774 ms 285.277 ms 8.002 ms
4 rt-dc2-ipc-br02.nl.kpn.net (195.190.232.75) 8.937 ms 8.710 ms 11.327 ms
5 195.190.233.98 (195.190.233.98) 9.347 ms 10.428 ms 9.221 ms
6 asd-dc2-ias-ur10.nl.kpn.net (195.190.227.7) 7.400 ms 7.849 ms 7.882 ms
7 asd-dc2-ipc-br02.nl.kpn.net (195.190.227.203) 8.961 ms 11.157 ms 8.852 ms
8 asd-dc2-ias-csg01.nl.kpn.net (195.190.227.202) 8.264 ms 8.291 ms 7.811 ms
9 193.172.217.118 (193.172.217.118) 8.281 ms 7.544 ms 7.813 ms
10 so-1-2-0.TR1.AMS2.ALTER.NET (146.188.5.93) 10.765 ms 9.427 ms 9.922 ms
11 so-6-1-0.TR2.FFT1.ALTER.NET (146.188.15.214) 16.144 ms 15.238 ms 16.109 ms
12 so-2-0-0.XR2.FFT4.ALTER.NET (146.188.8.145) 16.551 ms 14.879 ms 15.277 ms
13 POS12-0-0.GW11.FFT4.ALTER.NET (149.227.22.34) 14.456 ms 14.458 ms 15.288 ms
14 Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118) 15.729 ms 15.742 ms 15.261 ms
15 * * *
16 * * *
17 * * *
[mail:root]:(~)#
TCPTraceroute at customer :
------------------------------------------------------------------------
[mail:root]:(~)# tcptraceroute www.cloakanddagger.de
Selected device eth0, address 194.123.233.250, port 44752 for outgoing packets
Tracing the path to www.cloakanddagger.de (213.68.215.8) on TCP port 80 (http), 30 hops max
1 sdsllan (194.123.233.249) 0.284 ms 0.257 ms 0.232 ms
2 gv-dc2-ias-ard11.nl.kpn.net (62.12.4.26) 31.691 ms 6.207 ms 6.142 ms
3 gv-dc2-ipc-cr02.nl.kpn.net (195.190.232.74) 9.746 ms 10.404 ms 9.492 ms
4 rt-dc2-ipc-br02.nl.kpn.net (195.190.232.75) 10.251 ms 10.045 ms 9.857 ms
5 195.190.233.98 10.268 ms 10.080 ms 10.306 ms
6 asd-dc2-ias-ur10.nl.kpn.net (195.190.227.7) 7.954 ms 8.351 ms 7.789 ms
7 asd-dc2-ipc-br02.nl.kpn.net (195.190.227.203) 10.156 ms 9.936 ms 9.862 ms
8 asd-dc2-ias-csg01.nl.kpn.net (195.190.227.202) 8.369 ms 8.352 ms 7.813 ms
9 193.172.217.118 8.224 ms 8.447 ms 9.082 ms
10 so-1-2-0.TR1.AMS2.ALTER.NET (146.188.5.93) 9.446 ms 9.110 ms 9.005 ms
11 so-6-0-0.TR1.FFT1.ALTER.NET (146.188.8.162) 31.839 ms 16.427 ms 15.015 ms
12 so-0-1-0.XR1.FFT4.ALTER.NET (146.188.8.133) 15.272 ms 14.927 ms 14.818 ms
13 POS0-0-0.GW11.FFT4.ALTER.NET (149.227.22.6) 14.843 ms 14.649 ms 14.847 ms
14 Orca-up.Wiesbaden.de.ALTER.NET (139.4.22.118) 16.498 ms 16.117 ms 15.701 ms
15 213.68.215.8 16.528 ms 16.779 ms 17.745 ms
16 213.68.215.8 [open] 16.057 ms 16.289 ms 16.927 ms
[mail:root]:(~)#
It's clear that, in my case, two Corporations called PSI and COGENTO
are at play here. PSI uses 130.117.xxx.yyy and 154.54.xxx.yyy and
COGENTO uses 66.28.xxx.yyy in the example from my home :
PSI :
------------------------------------------------------------------------
OrgName: Performance Systems International Inc.
OrgID: PSI
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 130.117.0.0 - 130.117.255.255
CIDR: 130.117.0.0/16
NetName: COGENT-EUROPEAN-OPERATIONS-001
NetHandle: NET-130-117-0-0-1
Parent: NET-130-0-0-0-0
NetType: Direct Assignment
NetRange: 154.54.0.0 - 154.54.255.255
CIDR: 154.54.0.0/16
NetName: PSINET-B2-54
NetHandle: NET-154-54-0-0-1
Parent: NET-154-0-0-0-0
NetType: Direct Assignment
COGENTCO:
------------------------------------------------------------------------
OrgName: Cogent Communications
OrgID: COGC
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 66.28.0.0 - 66.28.255.255
CIDR: 66.28.0.0/16
NetName: COGENT-NB-0000
NetHandle: NET-66-28-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
COGENTCO and PSI are clearly close business partners in what ever they
are doing. Comparing the above traceroute and tcptraceroute results
with those at my customers location, its clear that 'certain' regular
visitors of cloakanddagger.de are being harrassed by blackbox routing
over ip-networks in the ownership of COGENTCO/PSI..
It's most likely that both Lenny Bloom and Tom Heneghan, site owners of
www.cloakanddagger.de, are faced with the same 'blackbox' PSI/COGENTCO
harassment, as they stated that access to their webserver
www.cloakanddagger.de was severely compromised because they could not
publish or edit their own website content anymore.
I'm most confident that the 'blackbox' routing will be removed from the
IP-NETWORK ranges in ownership of COGENTCO and PSI. Thanking you for
your cooperation, I reside,
Yours Sincerely,
Robert M. Stockmann
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
On Tue, 15 May 2007, Lenny Bloom wrote:
> Date: Tue, 15 May 2007 01:28:43 -0400
> From: Lenny Bloom
> To: Robert M. Stockmann
> Subject: Re: Give us some Cloak audio!
>
> I cannot get access to publish to the Cloak.
> For whatever reason which I dont know I can't and really am handcuffed.
> Be Patient.
> Lenny
>
>
> On 5/14/07, Robert M. Stockmann wrote:
> >
> >
> > Hi Lenny,
> >
> > As Dunblaine Tony gets kicked out of Downingstreet 10, and Bush has
> > moved to COG (Continuity of Government) and COOP (Continuity of
> > Operations), a clear defensive strategy to save ones Presidential butt,
> > I wonder to myself :
> >
> > Where's the new Cloak audio's ?
> >
> > Cheers,
> >
> > Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
Compromised DNS backbone providers
It turns out that my own DNS servers, hooked up to my ADSL at home,
are blocked, somehow, from querying when finding certain websites.
e.g. http://xckd.com/, http://www.globalhealthfreedom.org/, etc. all
result in :
An error occurred while loading http://www.globalhealthfreedom.org/:
Unknown host www.healthfreedomusa.org
Interesting enough when inserting the dialup nameserver ip's from
my ADSL ISP, into /etc/resolv.conf or as forwarders inside named.conf, the
above two websites suddenly work normally again. So this looks like
a harassement targeted at my 100% independent running DNS/Web/Email
servers, which i setup to work from my ADSL at home.
Date: Fri, 29 Jun 2007 07:39:35 +0200 (CEST)
From: "Robert M. Stockmann"
To: iana@iana.org
Subject: Compromised DNS backbone providers
Message-ID:
MIME-Version: 1.0
Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
USA
+1-310-823-9358 (phone)
+1-310-823-8649 (facsimile)
Subject: Compromised DNS backbone providers
Dear Sir/Madam,
As many of you have noticed recently, is that a lot, and i mean
a LOT of usefull websites have gone offline. Typically websites
which report about serious issues concerning all kind of aspects
with regards to our current troubled times. So how far does
this dirty gambit rabbit hole go?
Here's a couple :
www.mediabypass.com Registrar of Record: TUCOWS, INC.
Whois Server: whois.tucows.com
Name Server: NS1.WVR.NET
Problem: No DNS records active
www.healthfreedomusa.org Registrar of Record: Go Daddy Software, Inc.
Whois Server: whois.godaddy.com
Name Server:NS29.1AND1.COM
Problem: No DNS records active
www.crystalinks.com Registrar of Record: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Name Server: NS29.1AND1.COM
Problem: No DNS records active
www.newworldorderchat.com Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Name Server: NS1.STORMDNS.COM
Problem: No DNS records active
www.lp.org Registrar of Record: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Name Server: NS1.LP.ORG
Problem: No DNS records active
Although the nameservers of the above DNS-less domains could still be
alive with their ip-numbers, the whois service of the Registrar of
Record could have been compromised by secret service. So lets check the
whois servers of the above 4 domains :
WHOIS TUCOWS.COM :
========================================================================
[jackson:stock]:(~)$ whois tucows.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: TUCOWS.COM.RESPECTED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois.html
Domain Name: TUCOWS.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: DNS1.TUCOWS.COM
Name Server: DNS2.TUCOWS.COM
Name Server: DNS3.TUCOWS.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 13-oct-2006
Creation Date: 07-sep-1995
Expiration Date: 06-sep-2007
WHOIS NETWORKSOLUTIONS.COM :
========================================================================
[jackson:stock]:(~)$ whois networksolutions.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: NETWORKSOLUTIONS.COM.RESPECTED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois.html
Domain Name: NETWORKSOLUTIONS.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.NETSOL.COM
Name Server: NS2.NETSOL.COM
Name Server: NS3.NETSOL.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 26-jun-2006
Creation Date: 27-apr-1998
Expiration Date: 26-apr-2016
WHOIS DOTSTER.COM :
========================================================================
[jackson:stock]:(~)$ whois dotster.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: DOTSTER.COM.RESPECTED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois.html
Server Name: DOTSTER.COM.IMAGESOFWNC.COM
IP Address: 64.94.117.196
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: DOTSTER.COM.GOLDENHEARTGROUP.COM
IP Address: 66.11.230.74
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Domain Name: DOTSTER.COM
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Name Server: NS1.DOTSTER.COM
Name Server: NS2.DOTSTER.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 27-apr-2007
Creation Date: 12-dec-1999
Expiration Date: 12-dec-2011
WHOIS GODADDY.COM :
========================================================================
[jackson:stock]:(~)$ whois godaddy.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: GODADDY.COM.THEANTHEMS.NET
IP Address: 68.178.211.122
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: GODADDY.COM.SANGRAALBODYWORK.COM
IP Address: 68.178.211.122
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: GODADDY.COM.RUSSIANHORNY4U.COM
IP Address: 68.178.211.9
Registrar: WILD WEST DOMAINS, INC.
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Server Name: GODADDY.COM.RESPECTED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois.html
Server Name: GODADDY.COM.QUINTAFLORIDA.COM
IP Address: 68.178.254.161
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: GODADDY.COM.NIFTYENGLISH.NET
IP Address: 64.202.165.10
IP Address: 64.202.167.92
Registrar: A TECHNOLOGY COMPANY, INC. D/B/A NAMESYSTEM.COM
Whois Server: whois.namesystem.com
Referral URL: http://www.NameSystem.com
Server Name: GODADDY.COM.NAIVEDESIGN.NET
IP Address: 68.178.254.73
Registrar: WILD WEST DOMAINS, INC.
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Server Name: GODADDY.COM.MADE4BABES.COM
IP Address: 68.178.254.107
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: GODADDY.COM.KOEUNPARK.COM
IP Address: 64.202.167.92
IP Address: 64.202.165.10
Registrar: A TECHNOLOGY COMPANY, INC. D/B/A NAMESYSTEM.COM
Whois Server: whois.namesystem.com
Referral URL: http://www.NameSystem.com
Server Name: GODADDY.COM.KARLAADAMS.COM
IP Address: 63.241.136.156
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Server Name: GODADDY.COM.JMAHERREALTOR.COM
IP Address: 64.202.165.70
Registrar: NAMESDIRECT.COM, INC.
Whois Server: whois.namesdirect.com
Referral URL: http://www.namesdirect.com
Server Name: GODADDY.COM.INDYMETROWOMAN.COM
IP Address: 68.178.254.122
Registrar: DSTR ACQUISITION. I, LLC DBA 000DOMAINS.COM
Whois Server: whois.000domains.com
Referral URL: http://www.000domains.com
Server Name: GODADDY.COM.HOPEHASFAILEDUS.COM
IP Address: 64.202.163.148
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Server Name: GODADDY.COM.GGONYA.NET
IP Address: 64.202.167.92
IP Address: 64.202.165.10
Registrar: A TECHNOLOGY COMPANY, INC. D/B/A NAMESYSTEM.COM
Whois Server: whois.namesystem.com
Referral URL: http://www.NameSystem.com
Server Name: GODADDY.COM.DATINGMATCHUP.NET
IP Address: 68.178.232.44
Registrar: WILD WEST DOMAINS, INC.
Whois Server: whois.wildwestdomains.com
Referral URL: http://www.wildwestdomains.com
Server Name: GODADDY.COM.DAHLGLASS.NET
IP Address: 64.202.163.8
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Server Name: GODADDY.COM.AND.ALEX.FUCKED.BY.WWW.DNDIALOG.COM
IP Address: 81.177.3.240
Registrar: MONIKER ONLINE SERVICES, INC.
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/whois.html
Domain Name: GODADDY.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: CNS1.SECURESERVER.NET
Name Server: CNS2.SECURESERVER.NET
Name Server: CNS3.SECURESERVER.NET
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 24-jan-2007
Creation Date: 02-mar-1999
Expiration Date: 02-mar-2016
So it seems that none of the above 4 toplevel whois/dns providers have
their own whois record secured. Through this security flaw, the whois
service hijackers can render any website offline by publishing
false DNS server records for the client domain.
Probably by overruling whois servers like WHOIS.TUCOWS.COM,
WHOIS.NETWORKSOLUTIONS.COM, WHOIS.DOTSTER.COM and WHOIS.GODADDY.COM by
using a different whois server, the DNS record nuke Gig is executed.
Through the listing of "extra" additional whois server records _ABOVE_
the real whois server, the published DNS server records for the client
domain can be changed into erroneous DNS nameserver names or ip-numbers.
This means serious trouble, and if not resolved and cleaned up soon,
these offenders might take the whole internet down.
Yours Sincerely,
Robert M. Stockmann
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
Re: [IANA #91363] Compromised DNS backbone providers
Date: Sun, 15 Jul 2007 21:10:48 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: Kim Davies via RT <iana-questions@icann.org>
Subject: Re: [IANA #91363] Compromised DNS backbone providers
In-Reply-To: <rt-3.5.HEAD-12433-1184352479-730.91363-6-0@icann.org>
Message-ID: <Pine.LNX.4.44.0707152051450.25012-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status:
X-Keywords:
On Fri, 13 Jul 2007, Kim Davies via RT wrote:
> Date: Fri, 13 Jul 2007 11:48:00 -0700
> From: Kim Davies via RT <iana-questions@icann.org>
> To: stock@stokkie.net
> Subject: [IANA #91363] Compromised DNS backbone providers
>
> Dear Mr Stockmann,
>
> We received your facsimile transmission dated 29 June 2007 concerning
> "Compromised DNS backbone providers".
>
> We reviewed the information you provided and have found no evidence
> there are any serious issues or problems in what you have provided.
>
> Your first issue is that a number of domains have "No DNS records
> active". This is not correct:
>
> * www.healthfreedomusa.org resolves as an A record to 74.208.10.167
> * www.crystalinks.com resolves as an A record to 82.165.148.74
> * www.newworldorderchat.com resolves as an A record to 74.200.66.7
> * www.lp.org resolves as a CNAME record to lp.org
Ok, well there is indeed a weird thing going on with my own DNS servers :
"[jackson:root]:(~)# nslookup
> www.microsoft.com
Server: 10.0.18.72
Address: 10.0.18.72#53
Non-authoritative answer:
www.microsoft.com canonical name = toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net canonical name = g.www.ms.akadns.net.
g.www.ms.akadns.net canonical name = lb1.www.ms.akadns.net.
Name: lb1.www.ms.akadns.net
Address: 207.46.19.190
Name: lb1.www.ms.akadns.net
Address: 207.46.19.254
Name: lb1.www.ms.akadns.net
Address: 207.46.192.254
Name: lb1.www.ms.akadns.net
Address: 207.46.193.254
> www.healthfreedomusa.org
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53
** server can't find www.healthfreedomusa.org: SERVFAIL
> www.crystalinks.com
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53
** server can't find www.crystalinks.com: SERVFAIL
> www.newworldorderchat.com
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53
** server can't find www.newworldorderchat.com: SERVFAIL
> www.lp.org
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53
** server can't find www.lp.org: SERVFAIL
>
[jackson:root]:(~)# "
The above results are obtained, when my named.conf has no forwarder
nameservers active. If I activate the forwarders from my ISP inside
named.conf :
// INTER.NL.NET
forwarders { 217.149.196.6; 217.149.192.6; };
I get the following results :
"[jackson:root]:(~)# nslookup
> www.healthfreedomusa.org
Server: 10.0.18.71
Address: 10.0.18.71#53
Non-authoritative answer:
Name: www.healthfreedomusa.org
Address: 74.208.10.167
> www.crystalinks.com
Server: 10.0.18.71
Address: 10.0.18.71#53
Non-authoritative answer:
Name: www.crystalinks.com
Address: 82.165.148.74
> www.newworldorderchat.com
Server: 10.0.18.71
Address: 10.0.18.71#53
Non-authoritative answer:
Name: www.newworldorderchat.com
Address: 74.200.66.7
> www.lp.org
Server: 10.0.18.71
Address: 10.0.18.71#53
Non-authoritative answer:
www.lp.org canonical name = lp.org.
Name: lp.org
Address: 74.53.96.35
>
[jackson:root]:(~)# "
After consulting with the tech support desk of my ISP, INTER.NL.NET
they assured me that the ip-number of my ADSL connection , 82.215.30.181 ,
has no restrictions imposed of any kind, like those needed
for a DNS name server. This means that higher upstream my ip-number
is somehow blocked from direct DNS access to certain backbone DNS
nameservers.
If you can find out how my ip-number is blocked, you may be able
to prevent future DNS blocking on other nameservers, which may have
a more drastic impact on blocking whole parts on the internet.
> The only address for which we could not resolve a DNS record for was
> www.mediabypass.com. This is due to SERVFAIL errors with the two
> authoritative name servers for the domain, which is a problem with the
> name server operators for the domain, not with any "DNS backbone".
>
> As to your list of WHOIS outputs, we do not see anything wrong with
> them. We note you have listed WHOIS records for 'host' objects like
> 'TUCOWS.COM.RESPECTED.BY.WWW.DNDIALOG.COM' as well as for 'domain'
> objects like 'TUCOWS.COM' -- perhaps that is causing you some
> confusion. The two are unrelated objects in the database.
>
> If you have evidence of actual problems with the Internet whereby
> there are security problems, or any erroneous data -- we will happily
> research them. However nothing you have provided shows any indication
> of such problems.
>
> With kindest regards,
>
> Kim Davies
> Internet Assigned Numbers Authority
>
I thank you for your response,
Best Regards,
Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
Normally spoken DNS queries on UDP port 53 to the DNS Root Servers are
not blocked, but recently, it seems, times have changed
[1][2]. It's a
sad situation, where the nasty odor of a staged and orchestrated
problem, the fabricated reaction inside 'mainstream IT press' and a
MOSSAD desired solution has been forced upon the small ISP's and
independent DNS servers. A solution which results in my name.cache
zone file failing to directly retrieve information regarding 'certain'
domain names. As of Oct 31, 2007, the workaround offered is to 'rely' on
the nameserver cache of your upstream ISP's DNS nameservers. This should
be enough food for thought about _WHO IS_ creating these weird
situations and problems.
[1] "Health of the Domain Name System (DNS Garbage)"
©2002-2007 BIND9.NET. All rights reserved.
Page last modified on Mon 12 March 2007 03:20:58 CET
http://www.bind9.net/dnshealth
[2] "UPDATE: Lessons learned from Internet root server attack"
By Carolyn Duffy Marsan, Network World, 02/08/07
http://www.networkworld.com/news/2007/020807-internet-root-server-hack.html
Keyboard JitterBug eavesdropping
Date: Sat, 28 Jul 2007 02:56:06 +0200 (CEST)
From: "Robert M. Stockmann"
To: stewwebb@sierranv.net, stefangrossmann@t-online.de,
too@slingshot.co.nz, wmreditor@waynemadsenreport.com,
palast@gregpalast.com, tom@tomflocco.com, skolnick@ameritech.net,
henry@savethemales.ca, prophecy@texemarrs.com,
smith@iamthewitness.com, eric@iamthewitness.com,
captainmay@prodigy.net, tarpley@tarpley.net,
takingaim@pacbell.net, webmaster@rense.com,
articles@davidicke.com, chamish@netvision.net.il,
crescentandcross@gmail.com, tips@infowars.com,
cloak.dagger@gmail.com, lennybloom@gmail.com,
eric@vaticanassassins.org
Subject: Keyboard JitterBug eavesdropping
Message-ID:
MIME-Version: 1.0
Hi,
In this vibrant era of getting the truth out, signed, sealed, delivered
and published on the Internet, its important to make sure your
working place, i.e. your workstation is also securely signed and sealed.
I came across the following USENIX article :
"Keyboards and Covert Channels"
by Gaurav Shah, Andres Molina and Matt Blaze , 2006-05-17
Department of Computer and Information Science
University of Pennsylvania
http://www.usenix.org/events/sec06/tech/shah/shah_html/jbug-Usenix06.html
In it the authors demonstrate that todays unwarrented wiretapped
NSA activities, normally don't result in much success as serious
internet users routinely apply encryption into their communications,
like IPSec tunneling, ssh, VPN access connections, secure webtraffic
https when i.e. doing Internet banking activities.
However, secret service found a clever approach to all this, by covertly
installing a Keyboard JitterBug into your keyboard :
"5.1 Architecture
Our Keyboard JitterBug is implemented as a hardware interception
device that sits between the keyboard and the computer. It is also
possible to implement a JitterBug by modifying the keyboard
firmware or the internal keyboard circuits, but the
bump-in-the-wire implementation lends itself to easy installation
on existing keyboards without the need for any major modification.
Figure 2 shows the high-level architecture of the Keyboard
JitterBug.
The Keyboard JitterBug adds timing information to keypresses in the
form of small jitters that are unnoticeable to a human operator. If
the user is typing in an interactive network application, then each
keystroke will be sent in its own network packet. Ignoring the
effects of buffering and network delays (the ideal case), the
timing of the network packets will mirror closely the times at
which the keystroke were received by the keyboard controller on the
host. By observing these packet timings, an eavesdropper can
reconstruct the original information that was encoded by the
Keyboard JitterBug."
There's however a straighforward effective solution to this possibility,
and that is to seal some screws of your keyboard. You must of course
be sure your keyboard has not yet been "JitterBug"-ed yet.
Cheers,
Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
The Anti Spam Controversy
From: "Robert M. Stockmann" <stock@stokkie.net>
Subject: The libspf/libsrs vs. libspf2/libsrs2 controversy
Date: Wed, 17 Oct 2007 00:23:21 +0200
User-Agent: Pan/0.14.2.91 (As She Crawled Across the Table)
Message-Id: <pan.2007.10.16.22.23.21.827112@stokkie.net>
Newsgroups: comp.os.linux.advocacy
X-Pan-Internal-Post-Server: XS4ALL
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Hi,
After i sent the below email to the Developers of libspf , the email
server of Meng Weng Wong from pobox.com responded with a interesting but
also strange error message :
delivery 29415:
failure:207.106.133.15_does_not_like_recipient./
Remote_host_said:_554_<mengwong@pobox.com>:_Recipient_address_rejected:_broadband/
_returned_deny:_161-98.mxp.dsl.internl.net_looks_like_a_consumer_broadband_machine/
Giving_up_on_207.106.133.15./
So today anti-spam efforts go as far as to reject email because the
sending email server is using a "consumer_broadband_machine" ip-number. If
that is all what anti-spam is about, then the true agenda of anti-spam
guru's has been exposed : Make email a costly service, censure certain
people's email from the internet using misty anti-spam rules, and in the
end allow the old times rulers to take over the Internet, go back to
pre-Internet ages and resume business as usual.
Date: Wed, 17 Oct 2007 00:04:33 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: root@teddy.ch
cc: Patrick Earl <patearl@patearl.net>, Sean Comeau <scomeau@obscurity.org>,
Matthias Ruttmann <ruttmann@bartels.de>,
Rob McMahon <Rob.McMahon@warwick.ac.uk>,
Meng Weng Wong <mengwong@pobox.com>
Subject: The libspf/libsrs vs. libspf2/libsrs2 controversy
Message-ID: <Pine.LNX.4.44.0710162354420.14634-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
Hello Dominik Mahrer,
I am a little confused about the SPF/SRS and SPF2/SRS2 competition.
libspf-1.0.0-RC6/AUTHORS lists the following active developers :
"Active developers:
------------------
James Couzens .......... <jcouzens@codeshare.ca>
Michael Weiner ......... <mweiner@codeshare.ca>
Teddy .................. <teddy@codeshare.ca>
Travis Anderson ........ <tanderson@codeshare.ca>"
I assume you are teddy@codeshare.ca as you support libspf on
http://www.teddy.ch/libspf/
and started your own company teddy.ch. If that is the case, i have a
couple of questions for you.
1. there seems to be some controversy which
libraries to use :
libspf or libspf2
libsrs or libsrs2
2. Do you have a working libsrs (the original James Couzens implementation),
and also the qmail and sendmail MTA patches for this?
From the FreeBSD ports i downloaded libsrs.0.3.beta.tar.bz2 which
clearly is designed and written for performance, where the spf2 and
srs2 crowd clearly is tailored around the Perl::Whatever:Plugin
culture. For email and a sound MTA server i detest such Perl::XYZ
solutions.
In fact Larry Wall's Perl is absolutely 100% orthogonal in contradiction
of what the UNIX Linux philosophy stands for. What the secret agenda is
behind the zealous promotion of Perl on UNIX/Linux I today have some
well funded explanations, who clearly point to the objective to
have the UNIX/Linux platform migrated in a below average platform, both
in performance and scalability.
Qmail is one of the MTA's out there who still stick to the old diehard
UNIX philosophy, of building a complex service out of a number of
separate but fast programs in the C programming language. That's what
UNIX is : the blinding fast execution of complicated tasks using a
chain of many small, fast and rock-solid programs.
From libsrs.3/TODO we read :
"libsrs v0.3 beta
(c) 2004 James Couzens <jcouzens@obscurity.org>
TODO:
- MTA patches
-- Qmail 99% done
-- Sendmail 50% done
-- Exim3 0%
-- Exim4 0%
-- Postfix 0%
-- Courier 0%
-- Autoconf this library - someone with experience please do this!
Would be nice to use configure and have it build proper make files
for BSD/Linux etc..
- OTHER
-- Get this to compile in solaris "
Currently it seems that www.libsrs.org is offline and also
codeshare.ca. Luckily we now have http://libspf.userfriendly.net/.
But still I'm in the dark where the qmail MTA patch for James Couzens
version of libsrs can be downloaded.
I found somewhere on a obscure ftp server this patch :
qmail-srs-0.3.patch which obviously is to used together with
libsrs.0.3.beta.tar.bz2 . But when inspecting this patch it seems to
link with -lsrs2 instead of -lsrs
qmail-srs-0.3.patch :
"INSTALL INSTRUCTIONS
1) Download and install libsrs2 from http://www.libsrs2.org/download.html
2) Apply this patch
tar -xzf /path/to/qmail-1.03.tar.gz
cd qmail-1.03
patch -p1 < qmail-srs-0.2.patch "
Then again it seems there's a lot of cash to be made with SPF/SRS as
besides aol.com now also gmail.com is implementing spf1 records inside
its DNS.
I somehow have the impression that the libspf2/libsrs2 crowd is
seriously trying to eat you guys lunch/diner and mortgage for the house
with this. And from what i am seeing they are actually are getting away
with it. This needs to be stopped.
Certainly as James Couzens has been the True pioneer for the SPF DNS
record anti-spam solution. See the news article collections on
http://libspf.userfriendly.net/ (***), i.e. [1][2][3][4].
Thanks,
Best Regards,
Yours Sincerely,
Robert M. Stockmann
PS.
[1] "Spoofed From: Prevention"
Posted by timothy on Sun Oct 05, 2003 09:18 PM
http://yro.slashdot.org/article.pl?sid=03/10/06/0044200&mode=thread
[2] "SPF Design Frozen"
Posted by timothy on Tue Dec 16, 2003 12:29 AM
http://developers.slashdot.org/article.pl?sid=03/12/16/0349243&mode=thread
[3] "AOL Now Publishing SPF Records"
Posted by CowboyNeal on Fri Jan 09, 2004 05:03 AM
http://it.slashdot.org/article.pl?sid=04/01/09/0435234&mode=thread
[4] "AOL Tests Sender Permitted From / E-mail Caller ID"
Posted by timothy on Sun Jan 25, 2004 10:22 PM
http://yro.slashdot.org/article.pl?sid=04/01/26/0043227&mode=thread
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net
After checking my spam logs, i noticed how a spammer was sending
countless emails using jrabbit@mmsrep.com as his from address :
From SRS0=QORU=PV=mmsrep.com=jrabbit@srs.stokkie.net Sat Oct 27 06:35:12 2007
Return-Path: <SRS0=QORU=PV=mmsrep.com=jrabbit@srs.stokkie.net>
Delivered-To: stock@hubble.stokkie.net
Received: (qmail 6889 invoked by alias); 27 Oct 2007 06:35:12 -0000
Delivered-To: anonymous@stokkie.net
Received: (qmail 6565 invoked from network); 27 Oct 2007 06:35:11 -0000
Received: from unknown (HELO mercermc.com) (88.210.54.251)
by dmz.stokkie.net with SMTP; 27 Oct 2007 06:35:11 -0000
Received-SPF: none (dmz.stokkie.net: domain of jrabbit@mmsrep.com
does not designate permitted sender hosts)
Return-Path: <Joni@mmsrep.com>
Received: from 208.65.144.13 (HELO mmsrep.com.inbound15.mxlogic.net)
by stokkie.net with esmtp (VKBMGJBRVQ XPROK)
id YlTWr3-sTEW2u-R0
for anonymous@stokkie.net; Sat, 27 Oct 2007 10:35:13 +0400
Message-ID: <fc7301c81863$87554340$ac100b73@Joni>
From: "Joni D. Driscoll" <Joni@mmsrep.com>
To: "Staci Y. Dahl" <anonymous@stokkie.net>
Subject: Our wonder-medicine will make your dick so impressive
Date: Sat, 27 Oct 2007 10:35:13 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_64625_FCDB_01C81885.0E66E340"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 (ftp://crashrecovery.org/pub/linux/amavis/)
X-AntiVirus: scanned for viruses by AMaViS 0.2.4 (ftp://crashrecovery.org/pub/linux/amavis/)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Sat Oct 27 08:35:14 2007
X-DSPAM-Confidence: 0.9997
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 4722dc2169345126716110
X-DSPAM-Factors: 15,
bed+We, 0.99990,
style7+font, 0.99990,
pleasure, 0.99990,
Subject*medicine, 0.99990,
Pakistan, 0.99990,
From*D, 0.99990,
breaker!, 0.99990,
a+Rely, 0.99990,
To*anonymous+stokkie, 0.99990,
Subject*will, 0.99990,
color+#FF2F2F, 0.99990,
bed+span, 0.99990,
Delivered-To*anonymous+stokkie, 0.99990,
#2B3235+span, 0.99990,
xual+reality!, 0.99990
Status: O
X-Status:
X-Keywords:
When checking upon the mmsrep.com website i however found the following
notice :
What's interesting though is that the mmsrep.com domain does not designate
SPF1 records inside its DNS, and then of course SPF/SRS enabled
email servers never can check if the used ip-address by the hijacker from
jrabbit@mmsrep.com was valid or not.
Some claim SPF is a Harmful solution, see links collection at
"Criticism of Anti-spam Research", but a simple DNS TXT entry addition to the zone
file of mmsrep.com would at least prevent My Email Server to accept
spam from jrabbit@mmsrep.com .
The MX records of mmsrep.com seem ok :
[hubble:stock]:(~)$ nslookup
> set type=MX
> mmsrep.com.
Server: 10.0.18.72
Address: 10.0.18.72#53
Non-authoritative answer:
mmsrep.com mail exchanger = 15 mmsrep.com.inbound15.mxlogicmx.net.
mmsrep.com mail exchanger = 15 mmsrep.com.inbound15.mxlogic.net.
Authoritative answers can be found from:
mmsrep.com nameserver = ns.oneononeinternet.com.
mmsrep.com nameserver = ns2.oneononeinternet.com.
mmsrep.com.inbound15.mxlogic.net internet address = 208.65.144.13
mmsrep.com.inbound15.mxlogic.net internet address = 208.65.144.12
mmsrep.com.inbound15.mxlogicmx.net internet address = 208.65.144.12
mmsrep.com.inbound15.mxlogicmx.net internet address = 208.65.144.13
>
[hubble:stock]:(~)$
This jrabbit@mmsrep.com dude seems to know his spam job, as he even
inserted a fake Received: from header, see the red part above,
and compare this with the real Received: from header in green. In effect SPF/SRS would effectively dismiss and rule out
the Email MX intermediairy from Russia with ip-number 88.210.54.251.
references :
total 6084
drwxr-xr-x 1 crashrec klant 32 May 4 2008 ![[DIR]](/icons/folder.png)
tcptraceroute/
-rw-r--r-- 1 crashrec klant 19014 Oct 17 2007 libsrs.0.3.beta.tar.bz2
-rw-r--r-- 1 crashrec klant 1399 Jan 23 01:37 MD5SUM
-rw-r--r-- 1 crashrec klant 25428 Oct 17 2007 qmail-srs-0.3.patch
-rw-r--r-- 1 crashrec klant 1633256 Jun 18 2008 stopping_spam_May2005.pdf
-r--r--r-- 1 crashrec klant 120432 Jun 29 2007 whois-4.7.13-1mdk.i586.rpm
-r--r--r-- 1 crashrec klant 57469 Jun 29 2007 whois-4.7.13-1mdk.src.rpm
-r--r--r-- 1 crashrec klant 122911 Jun 29 2007 whois-4.7.13-1mdk.x86_64.rpm
-rw-r--r-- 1 crashrec klant 120923 Jan 18 2008 whois-4.7.13-2mdk.i586.rpm
-rw-r--r-- 1 crashrec klant 64179 Jan 18 2008 whois-4.7.13-2mdk.src.rpm
-rw-r--r-- 1 crashrec klant 123625 Jan 18 2008 whois-4.7.13-2mdk.x86_64.rpm
-rw-r--r-- 1 crashrec klant 121729 Jan 23 01:27 whois-4.7.13-3mdk.i586.rpm
-rw-r--r-- 1 crashrec klant 64349 Jan 23 01:28 whois-4.7.13-3mdk.src.rpm
-rw-r--r-- 1 crashrec klant 124483 Jan 23 01:28 whois-4.7.13-3mdk.x86_64.rpm
-rw-r--r-- 1 crashrec klant 59582 Jan 23 01:25 whois_4.7.13-Dec08.tar.gz
-rw-r--r-- 1 crashrec klant 59651 Jul 29 2007 whois_4.7.13-Jul07.tar.gz
-r--r--r-- 1 crashrec klant 52951 Jun 29 2007 whois_4.7.13.tar.bz2
-r--r--r-- 1 crashrec klant 59490 Jun 29 2007 whois_4.7.13.tar.gz
-r--r--r-- 1 crashrec klant 486037 Jun 29 2007 whois.exe
-r-xr-xr-x 1 crashrec klant 298838 Jun 29 2007 whois.sco506.coff.bin
-r-xr-xr-x 1 crashrec klant 42980 Jun 29 2007 whois.sco506.dynamic.bin
-r-xr-xr-x 1 crashrec klant 274128 Jun 29 2007 whois.sco506.static.bin
-r-xr-xr-x 1 crashrec klant 34764 Jun 29 2007 whois.sco600.dynamic.bin
-r-xr-xr-x 1 crashrec klant 35744 Jun 29 2007 whois.sol8.dynamic.bin
-r-xr-xr-x 1 crashrec klant 791792 Jun 29 2007 whois.sol8.dynamic.bin
-r-xr-xr-x 1 crashrec klant 65024 Jun 29 2007 whois.tru64.dynamic.bin
First published on Tue, 19 Jun 2007
