MOSSAD's control over the Internet

CrackSmokeRepublican · August 30, 2008, 02:50:55 AM

MOSSAD's control over the Internet

(SITE: http://crashrecovery.org/internet/#jitter -- is this a real site? )

The Mossad takeover of popular Webmail
MOSSAD takes over MOSNEWS.COM
Re: MOSSAD takes over MOSNEWS.COM
High Alert, good websites get taken down
Cloak and Dagger under blackbox routing attack
Compromised DNS backbone providers
Re: [IANA #91363] Compromised DNS backbone providers
Keyboard JitterBug eavesdropping
The Anti Spam Controversy
Downloads

The Mossad takeover of popular Webmail

------
Re: [IANA #91363] Compromised DNS backbone providers

Date: Sun, 15 Jul 2007 21:10:48 +0200 (CEST)
From: "Robert M. Stockmann" <stock@stokkie.net>
To: Kim Davies via RT <iana-questions@icann.org>
Subject: Re: [IANA #91363] Compromised DNS backbone providers
In-Reply-To: <rt-3.5.HEAD-12433-1184352479-730.91363-6-0@icann.org>
Message-ID: <Pine.LNX.4.44.0707152051450.25012-100000@hubble.stokkie.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status:
X-Keywords:

On Fri, 13 Jul 2007, Kim Davies via RT wrote:

> Date: Fri, 13 Jul 2007 11:48:00 -0700
> From: Kim Davies via RT <iana-questions@icann.org>
> To: www.healthfreedomusa.org resolves as an A record to 74.208.10.167
> * www.crystalinks.com resolves as an A record to 82.165.148.74
> * www.newworldorderchat.com resolves as an A record to 74.200.66.7
> * www.lp.org resolves as a CNAME record to lp.org

Ok, well there is indeed a weird thing going on with my own DNS servers :

"[jackson:root]

~)# nslookup
> www.microsoft.com
Server: 10.0.18.72
Address: 10.0.18.72#53

Non-authoritative answer:
www.microsoft.com canonical name = toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net canonical name = g.www.ms.akadns.net.
g.www.ms.akadns.net canonical name = lb1.www.ms.akadns.net.
Name: lb1.www.ms.akadns.net
Address: 207.46.19.190
Name: lb1.www.ms.akadns.net
Address: 207.46.19.254
Name: lb1.www.ms.akadns.net
Address: 207.46.192.254
Name: lb1.www.ms.akadns.net
Address: 207.46.193.254
> www.healthfreedomusa.org
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53

** server can't find www.healthfreedomusa.org: SERVFAIL
> www.crystalinks.com
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53

** server can't find www.crystalinks.com: SERVFAIL
> www.newworldorderchat.com
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53

** server can't find www.newworldorderchat.com: SERVFAIL
> www.lp.org
;; Got SERVFAIL reply from 10.0.18.71, trying next server
;; Got SERVFAIL reply from 10.0.18.72, trying next server
Server: 10.0.18.84
Address: 10.0.18.84#53

** server can't find www.lp.org: SERVFAIL
>
[jackson:root]

~)# "

The above results are obtained, when my named.conf has no forwarder
nameservers active. If I activate the forwarders from my ISP inside
named.conf :

// INTER.NL.NET
forwarders { 217.149.196.6; 217.149.192.6; };

I get the following results :

"[jackson:root]

~)# nslookup
> www.healthfreedomusa.org
Server: 10.0.18.71
Address: 10.0.18.71#53

Non-authoritative answer:
Name: www.healthfreedomusa.org
Address: 74.208.10.167
> www.crystalinks.com
Server: 10.0.18.71
Address: 10.0.18.71#53

Non-authoritative answer:
Name: www.crystalinks.com
Address: 82.165.148.74
> www.newworldorderchat.com
Server: 10.0.18.71
Address: 10.0.18.71#53

Non-authoritative answer:
Name: www.newworldorderchat.com
Address: 74.200.66.7
> www.lp.org
Server: 10.0.18.71
Address: 10.0.18.71#53

Non-authoritative answer:
www.lp.org canonical name = lp.org.
Name: lp.org
Address: 74.53.96.35
>
[jackson:root]

~)# "

After consulting with the tech support desk of my ISP, INTER.NL.NET
they assured me that the ip-number of my ADSL connection , 82.215.30.181 ,
has no restrictions imposed of any kind, like those needed
for a DNS name server. This means that higher upstream my ip-number
is somehow blocked from direct DNS access to certain backbone DNS
nameservers.

If you can find out how my ip-number is blocked, you may be able
to prevent future DNS blocking on other nameservers, which may have
a more drastic impact on blocking whole parts on the internet.

> The only address for which we could not resolve a DNS record for was
> www.mediabypass.com. This is due to SERVFAIL errors with the two
> authoritative name servers for the domain, which is a problem with the
> name server operators for the domain, not with any "DNS backbone".
>
> As to your list of WHOIS outputs, we do not see anything wrong with
> them. We note you have listed WHOIS records for 'host' objects like
> 'TUCOWS.COM.RESPECTED.BY.WWW.DNDIALOG.COM' as well as for 'domain'
> objects like 'TUCOWS.COM' -- perhaps that is causing you some
> confusion. The two are unrelated objects in the database.
>
> If you have evidence of actual problems with the Internet whereby
> there are security problems, or any erroneous data -- we will happily
> research them. However nothing you have provided shows any indication
> of such problems.
>
> With kindest regards,
>
> Kim Davies
> Internet Assigned Numbers Authority
>

I thank you for your response,
Best Regards,

Robert
--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org http://www.bind9.net/dnshealth

[2] "UPDATE: Lessons learned from Internet root server attack"
By Carolyn Duffy Marsan, Network World, 02/08/07
http://www.networkworld.com/news/2007/0 ... -hack.html

The Info Underground

MOSSAD's control over the Internet

CrackSmokeRepublican