From owner-freebsd-security@FreeBSD.ORG Fri Dec 30 22:28:30 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D0F016A41F; Fri, 30 Dec 2005 22:28:30 +0000 (GMT) (envelope-from scheidell@secnap.net) Received: from secnap2.secnap.com (secnap2.secnap.com [204.89.241.128]) by mx1.FreeBSD.org (Postfix) with ESMTP id 12C2F43D58; Fri, 30 Dec 2005 22:28:29 +0000 (GMT) (envelope-from scheidell@secnap.net) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0 Date: Fri, 30 Dec 2005 17:28:28 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Domtools.com hyjacked? Thread-Index: AcYIwInJ1VZxJvAFTXmIhb9E0QqLEQEzox+w From: "Michael Scheidell" To: , Cc: freebsd-security Subject: Domtools.com hyjacked? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2005 22:28:30 -0000 Attempted to install dlint port. Only distribution site is www.domtools.com Email to 'content@domtools.com' and pab@domtools.com bounces (can't relay) Phone number missing on whois record. Fetch of tarball fails checksum (it delivers a generic 'web hosted search engine that just hijacked someone's domain' web page. Maybe domtools didn't renew? New web company messed up dns or apache virtual hosting records? Don't know where else to find a safe copy of dlint From owner-freebsd-security@FreeBSD.ORG Sat Dec 31 14:57:03 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C28F16A41F; Sat, 31 Dec 2005 14:57:03 +0000 (GMT) (envelope-from bsam@ipt.ru) Received: from mail.ipt.ru (mail.ipt.ru [80.253.10.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8033743D5A; Sat, 31 Dec 2005 14:57:02 +0000 (GMT) (envelope-from bsam@ipt.ru) Received: from doc.sem.ipt.ru ([192.168.12.1] helo=srv.sem.ipt.ru) by mail.ipt.ru with esmtp (Exim 4.54 (FreeBSD)) id 1EsiAG-000Kz6-8O; Sat, 31 Dec 2005 17:57:00 +0300 Received: from bsam by srv.sem.ipt.ru with local (Exim 4.54 (FreeBSD)) id 1Esi9Q-000GCU-ME; Sat, 31 Dec 2005 17:56:08 +0300 To: "Michael Scheidell" References: From: Boris Samorodov Date: Sat, 31 Dec 2005 17:56:08 +0300 In-Reply-To: (Michael Scheidell's message of "Fri, 30 Dec 2005 17:28:28 -0500") Message-ID: <19450407@srv.sem.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: ports@freebsd.org, freebsd-security , pbalyoz@jammed.com Subject: Re: Domtools.com hyjacked? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Dec 2005 14:57:03 -0000 Hi! On Fri, 30 Dec 2005 17:28:28 -0500 Michael Scheidell wrote: > Attempted to install dlint port. > Only distribution site is www.domtools.com > Email to 'content@domtools.com' and pab@domtools.com bounces (can't > relay) > Phone number missing on whois record. > Fetch of tarball fails checksum (it delivers a generic 'web hosted > search engine that just hijacked someone's domain' web page. > Maybe domtools didn't renew? New web company messed up dns or apache > virtual hosting records? > Don't know where else to find a safe copy of dlint ftp://ftp.cronyx.ru/pub/FreeBSD/ports/distfiles/ MD5 and SHA256 checksums are correct. WBR -- Boris B. Samorodov, Research Engineer InPharmTech Co, http://www.ipt.ru Telephone & Internet Service Provider From owner-freebsd-security@FreeBSD.ORG Sat Dec 31 14:49:07 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CABA016A41F for ; Sat, 31 Dec 2005 14:49:07 +0000 (GMT) (envelope-from anthony.elizondo@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F69143D55 for ; Sat, 31 Dec 2005 14:49:05 +0000 (GMT) (envelope-from anthony.elizondo@gmail.com) Received: by zproxy.gmail.com with SMTP id q3so1449200nzb for ; Sat, 31 Dec 2005 06:48:59 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qTrSMeU/hdZSslfwS/KX5Hq5vZ29prgfKflZgjOd/g6oQXt1AafnmBIc4Q226+Lq+gZyCUu6K2qHG3usGO8eWxFBdUsaMaZ6ZQcwT0KoaukWVyrabPFVRzQv8FucVm00N6xajNFbBuqr2t8JYsEJpuv/7bliU1KkSAtWbhLbhsk= Received: by 10.64.21.10 with SMTP id 10mr3674465qbu; Sat, 31 Dec 2005 06:48:58 -0800 (PST) Received: by 10.64.208.19 with HTTP; Sat, 31 Dec 2005 06:48:58 -0800 (PST) Message-ID: Date: Sat, 31 Dec 2005 09:48:58 -0500 From: Anthony Elizondo To: Michael Scheidell In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: X-Mailman-Approved-At: Sat, 31 Dec 2005 15:34:31 +0000 Cc: ports@freebsd.org, freebsd-security , pbalyoz@jammed.com Subject: Re: Domtools.com hyjacked? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Dec 2005 14:49:07 -0000 On 12/30/05, Michael Scheidell wrote: > Attempted to install dlint port. > > Only distribution site is www.domtools.com > > Email to 'content@domtools.com' and pab@domtools.com bounces (can't > relay) > Phone number missing on whois record. > > Fetch of tarball fails checksum (it delivers a generic 'web hosted > search engine that just hijacked someone's domain' web page. > > Maybe domtools didn't renew? New web company messed up dns or apache > virtual hosting records? > > Don't know where else to find a safe copy of dlint Found one at http://fresh.t-systems-sfr.com/unix/src/misc/dns/.warix/dlint1= .4.0.tar.gz.html and another at http://www.l0t3k.net/tools/DNSutils/ Note: I did not check the checksums. User beware.