discuss - Re: [opennic-discuss] [URGENT] [ROUND-ROBIN] DNS POISONING/POSSIBLE MITM ATTACK

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Se7en <se7en AT cock.email>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] [URGENT] [ROUND-ROBIN] DNS POISONING/POSSIBLE MITM ATTACK
  • Date: Wed, 1 Sep 2021 18:26:53 -0700

On 21-09-02 03:21:00, Lennart Seitz wrote:
> I don't think that's the problem here since Duckduckgo.com resolves to
> facebook IPs for him and also shows https certificates that are related
> to facebook.com when visiting duckduckgo.com
>
> Can you please check what
> dig whoami.akamai.net
> gives you when you use opennic and quad9 (for example).

For some reason this changed to *** SPAM *** in the subject
line. Please give ATTN to the List Moderator to fix this. I don't want
this filtered.

# ON Quad9

$ dig whoami.akamai.net

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> whoami.akamai.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10586
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;whoami.akamai.net. IN A

;; ANSWER SECTION:
whoami.akamai.net. 180 IN A 74.63.16.248

# This IP is registered to WoodyNet

;; Query time: 49 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Sep 01 18:22:46 PDT 2021
;; MSG SIZE rcvd: 62

# On OpenNIC Wiki's Anycast

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> whoami.akamai.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42082
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;whoami.akamai.net. IN A

;; ANSWER SECTION:
whoami.akamai.net. 174 IN A 104.156.252.143

;; Query time: 5 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Sep 01 18:23:33 PDT 2021
;; MSG SIZE rcvd: 62

# This IP is registered to The Constant Company, LLC

Note that /this time/ when I changed back to the OpenNICProject's
Wiki's Anycast, it now has the MITM again, redirecting sites to the
190.vip fraudulent Chinese domain register.

--
|-----/ | Se7en
/ The One and Only! | se7en AT cock.email
/ | 0x0F83F93882CF6116
/ | https://se7en-site.neocities.org

Attachment: signature.asc
Description: PGP signature
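
Added example, not part of the original message: whoami.akamai.net answers with the address of the recursive resolver that contacted Akamai's authoritative servers, so comparing two runs shows which upstream actually did the lookup. The Python sketch below parses abridged copies of the two dig transcripts above and reports the server dig spoke to and whether the upstream egress changed; the function names and result keys are assumptions made for this example.

```python
import ipaddress
import re

# Abridged from the two dig transcripts in the message above.
QUAD9_RUN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10586
;; ANSWER SECTION:
whoami.akamai.net. 180 IN A 74.63.16.248

;; SERVER: 192.168.1.1#53(192.168.1.1)
"""
OPENNIC_RUN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42082
;; ANSWER SECTION:
whoami.akamai.net. 174 IN A 104.156.252.143

;; SERVER: 192.168.1.1#53(192.168.1.1)
"""

def parse_dig(text):
    """Extract status, the server dig spoke to, and A answers from default dig output."""
    status = re.search(r"status: (\w+)", text)
    server = re.search(r"^;; SERVER: ([^#\s]+)#\d+", text, re.M)
    answers, in_answer = [], False
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer and (not fields or line[0] in ";#"):
            in_answer = False  # blank line, comment or next section ends the answers
        elif in_answer and len(fields) >= 5 and fields[3] == "A":
            answers.append(fields[4])  # name, TTL, class, type, address
    return {"status": status.group(1) if status else None,
            "server": server.group(1) if server else None,
            "answers": answers}

def compare_runs(a, b):
    """Summarise what two whoami.akamai.net runs show about the resolver path."""
    servers = sorted({r["server"] for r in (a, b) if r["server"]})
    return {
        "stub_servers": servers,
        # A private address means dig queried a LAN forwarder, not the upstream itself.
        "via_private_forwarder": any(ipaddress.ip_address(s).is_private for s in servers),
        "egress_changed": set(a["answers"]) != set(b["answers"]),
    }

if __name__ == "__main__":
    q, o = parse_dig(QUAD9_RUN), parse_dig(OPENNIC_RUN)
    print(q, o, compare_runs(q, o), sep="\n")
```

In both transcripts dig spoke to 192.168.1.1, so the whoami answer identifies the upstream that forwarder used at the time of each query.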