From: James Chang
To: freebsd-security@freebsd.org
Date: Tue, 24 Mar 2009 14:56:10 +0800
Subject: DNS of FreeBSD.org been Attacked!?

Dear all,

I found some strange DNS query results these days. The strange results are as follows :<

C:\Documents and Settings\Administrator>nslookup ftp11.tw.freebsd.org 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1

Name: ftp11.tw.freebsd.org.com.tw
Address: 82.98.86.170

C:\Documents and Settings\Administrator>nslookup ftp6.tw.freebsd.org 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1

Name: ftp6.tw.freebsd.org.com.tw
Address: 82.98.86.170

Both ftp6.tw.freebsd.org and ftp11.tw.freebsd.org have the same IP address, and this IP address seems to belong to a malicious domain!

Does anyone have a good idea?
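A check for the mismatch visible in the output above, where each answered Name ends in .com.tw although the queried name did not. This is an added example, not part of the original message; the function and field names are hypothetical, and the transcript is retyped from the post as sample input.

```python
import re

# Sample input: the two nslookup sessions from the message, retyped here.
TRANSCRIPT = r"""
C:\Documents and Settings\Administrator>nslookup ftp11.tw.freebsd.org 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1

Name: ftp11.tw.freebsd.org.com.tw
Address: 82.98.86.170

C:\Documents and Settings\Administrator>nslookup ftp6.tw.freebsd.org 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1

Name: ftp6.tw.freebsd.org.com.tw
Address: 82.98.86.170
"""

CMD = re.compile(r">\s*nslookup\s+(\S+)", re.I)            # the typed query
FIELD = re.compile(r"^\s*(Name|Address):\s*(\S+)", re.I)   # answer fields

def norm(name):
    """Compare names case-insensitively and without a trailing root dot."""
    return name.rstrip(".").lower()

def check_transcript(text):
    """Return one finding per lookup whose answered Name is not the queried name."""
    findings, query, answered = [], None, None
    for line in text.splitlines():
        m = CMD.search(line)
        if m:                                   # new lookup: reset state
            query, answered = norm(m.group(1)), None
            continue
        m = FIELD.match(line)
        if not m or query is None:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "name":
            answered = norm(value)
        elif answered and answered != query:
            # An Address that follows a Name line is the answer; the earlier
            # Address (before any Name) is the DNS server and is skipped.
            grown = answered.startswith(query + ".")
            suffix = answered[len(query) + 1:] if grown else None
            findings.append({"query": query, "answered": answered,
                             "appended_suffix": suffix, "address": value})
    return findings

if __name__ == "__main__":
    for finding in check_transcript(TRANSCRIPT):
        print(finding)
```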