From owner-freebsd-security@FreeBSD.ORG  Sat Dec 31 14:49:07 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CABA016A41F
	for <freebsd-security@freebsd.org>;
	Sat, 31 Dec 2005 14:49:07 +0000 (GMT)
	(envelope-from anthony.elizondo@gmail.com)
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3F69143D55
	for <freebsd-security@freebsd.org>;
	Sat, 31 Dec 2005 14:49:05 +0000 (GMT)
	(envelope-from anthony.elizondo@gmail.com)
Received: by zproxy.gmail.com with SMTP id q3so1449200nzb
	for <freebsd-security@freebsd.org>;
	Sat, 31 Dec 2005 06:48:59 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=qTrSMeU/hdZSslfwS/KX5Hq5vZ29prgfKflZgjOd/g6oQXt1AafnmBIc4Q226+Lq+gZyCUu6K2qHG3usGO8eWxFBdUsaMaZ6ZQcwT0KoaukWVyrabPFVRzQv8FucVm00N6xajNFbBuqr2t8JYsEJpuv/7bliU1KkSAtWbhLbhsk=
Received: by 10.64.21.10 with SMTP id 10mr3674465qbu;
	Sat, 31 Dec 2005 06:48:58 -0800 (PST)
Received: by 10.64.208.19 with HTTP; Sat, 31 Dec 2005 06:48:58 -0800 (PST)
Message-ID: <a49e62c80512310648v4a3dab33h3bd22f110abdf9d3@mail.gmail.com>
Date: Sat, 31 Dec 2005 09:48:58 -0500
From: Anthony Elizondo <anthony.elizondo@gmail.com>
To: Michael Scheidell <scheidell@secnap.net>
In-Reply-To: <B3BCAF4246A8A84983A80DAB50FE724255BD66@secnap2.secnap.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <B3BCAF4246A8A84983A80DAB50FE724255BD66@secnap2.secnap.com>
X-Mailman-Approved-At: Sat, 31 Dec 2005 15:34:31 +0000
Cc: ports@freebsd.org, freebsd-security <freebsd-security@freebsd.org>,
	pbalyoz@jammed.com
Subject: Re: Domtools.com hyjacked?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Dec 2005 14:49:07 -0000

On 12/30/05, Michael Scheidell <scheidell@secnap.net> wrote:
> Attempted to install dlint port.
>
> Only distribution site is www.domtools.com
>
> Email to 'content@domtools.com' and pab@domtools.com bounces (can't
> relay)
> Phone number missing on whois record.
>
> Fetch of tarball fails checksum (it delivers a generic 'web hosted
> search engine that just hijacked someone's domain' web page.
>
> Maybe domtools didn't renew?  New web company messed up dns or apache
> virtual hosting records?
>
> Don't know where else to find a safe copy of dlint

Found one at http://fresh.t-systems-sfr.com/unix/src/misc/dns/.warix/dlint1=
.4.0.tar.gz.html
and another at http://www.l0t3k.net/tools/DNSutils/

Note: I did not check the checksums. User beware.