This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthor: geeklord
    • CommentTime: Jan 19th 2009
    The IP range of OpenDNS is
    67.215.64.0 - 67.215.95.255
    but there is a persistent hacker appearing to operate from IP address
    67.215.65.132
    You can see some of the content of one of the redirects here
    http://www.blueravenltd.com/oce/id?&xid=a781831aa2fc96f7eb69432d417b51bd
    If you look up the IP address of blueravenltd.com you get 72.9.234.42
    but blueravenltd.com/oce (SAYS) it points to 67.215.65.132
    The hacker has many other web sites operating from 67.215.65.132 and redirects PHP information so that he/she can use sites for spamming.
    Question: Which is the real hacker, and how can we block them out?
    I am thinking it's actually 72.9.234.42
    Can you help us out here?
  1.
    I don't get blueravenltd.com/oce pointing to anything but 72.9.234.42. Just checked OpenDNS cache and nslookup, so not sure why yours is pointing to 67.215.65.132, although it seems that that address may not be an OpenDNS IP even though it's in OpenDNS's range, as I checked it with yougetsignal.com for other websites on it and it listed 3 French website addresses (.fr).
  2.
    67.215.65.132 is OpenDNS
    OrgName: OpenDNS, LLC
    OrgID: OPEND-2
    NetRange: 67.215.64.0 - 67.215.95.255
    CIDR: 67.215.64.0/19
    OriginAS: AS36692
    NetName: OPENDNS-NET-3
    NetHandle: NET-67-215-64-0-1
    Parent: NET-67-0-0-0-0
    NetType: Direct Assignment
    NameServer: AUTH1.OPENDNS.COM
    ...etc...
    # ARIN WHOIS database, last updated 2009-01-18 19:10

    BUT

    Domain Information for blueravenltd.com
    IP address 72.9.234.42
    Registrant: & Administrative Contact, Technical Contact:
    Bashir, Tahsin wf3rm97u66r@networksolutionsprivateregistration.com
    ATTN: BLUERAVENLTD.COM
    c/o Network Solutions
    P.O. Box 447
    Herndon, VA 20172-0447

    and if I visit 67.215.65.132, I get the OpenDNS Guide, which says 67.215.65.132 is not loading.

    blueravenltd.com/oce links to a parent directory and a file named id, which is a script. The top level page simply says it is -Blue Raven, authorized distributor for Erze- with a link. Erze is apparently some Turkish company that makes things from plastic.
  3.
    Anyhow, what indications do you have that a hacker (by which I assume you mean 'malicious hacker') is operating (doing what?) from either of these addresses?
    • CommentAuthor: rotblitz
    • CommentTime: Jan 19th 2009 (edited)
    67.215.65.132 is the IP address of hit-nxdomain.opendns.com. When you get this returned for any nameserver lookup, then the DNS could not resolve the domain at this time for whatever reason. No hacker is behind this, but this is how OpenDNS works.

    If this happens, visit http://www.opendns.com/support/cache/

    Edit: Sorry maintenance, our contributions were overlapping.
    Thankful People: billso, maintenance, kingsltd
  4.
    So, it makes perfect sense that calling 67.215.65.132 would get you a "not loading" page, as that is its job. LOL.
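
The replies above identify 67.215.65.132 as hit-nxdomain.opendns.com, inside the OpenDNS block 67.215.64.0/19, which is why many unrelated names can appear to "live" on it. The following is an added example, not part of the original thread: a small triage script that groups resolver answers by address and separates that landing address from real origin hosts. The log format and the `.example` names are constructed for illustration; only the two constants and blueravenltd.com / 72.9.234.42 come from the thread.

```python
import ipaddress
from collections import defaultdict

# From the thread: the ARIN netblock and the address named hit-nxdomain.opendns.com.
OPENDNS_NET = ipaddress.ip_network("67.215.64.0/19")
NXDOMAIN_LANDING = ipaddress.ip_address("67.215.65.132")

# Constructed sample: "name answer" pairs as a resolver log might record them.
SAMPLE_LOG = """\
blueravenltd.com 72.9.234.42
no-such-host.example 67.215.65.132
typo-domain.example 67.215.65.132
expired-site.example 67.215.65.132
www.example 192.0.2.10
"""

def parse(log):
    """Yield (name, ip_string) per line; malformed lines and bad IPs are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        yield parts[0].lower().rstrip("."), str(ip)

def classify(ip_string):
    """Label an answer: the resolver's NXDOMAIN page, its netblock, or an origin host."""
    ip = ipaddress.ip_address(ip_string)
    if ip == NXDOMAIN_LANDING:
        return "resolver-nxdomain-landing"
    if ip in OPENDNS_NET:
        return "resolver-netblock"
    return "origin"

def triage(log):
    """Return {ip: (label, sorted names)} so shared answers are visible at a glance."""
    by_ip = defaultdict(set)
    for name, ip in parse(log):
        by_ip[ip].add(name)
    return {ip: (classify(ip), sorted(names)) for ip, names in by_ip.items()}

def origins(log):
    """Names whose answer is a real host address, i.e. the ones worth a whois lookup."""
    return sorted(n for label, names in triage(log).values()
                  if label == "origin" for n in names)

if __name__ == "__main__":
    for ip, (label, names) in triage(SAMPLE_LOG).items():
        print(f"{ip:16} {label:26} {', '.join(names)}")
```

Names grouped under `resolver-nxdomain-landing` did not resolve at lookup time, so the shared address says nothing about where those sites are hosted.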
