North American Network Operators Group

Promosis? Who are these guys?

  • From: Suresh Ramasubramanian
  • Date: Wed Apr 20 03:10:07 2005

Seen on a local Linux mailing list:

> It looks like someone broke into VSNL's name server and did some
> harm to open source websites. I'm now using Airtel's (mantraonline)
> name server and am able to browse the sites mentioned above. Does anyone
> have any idea what's happening? When I nslookup against VSNL's name server,
> I'm getting 66.151.179.147 for all those sites. The list includes:
> gnomefiles.org
> gnome-look.org
> gforge.org
> mantisbt.org

[email protected] 12:23:32 [~]$ whois 66.151.179.147
Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
                                  66.150.0.0 - 66.151.255.255
Promosis Inc. PNAP-BSN-PROMO-RM-01 (NET-66-151-179-128-1)
                                  66.151.179.128 - 66.151.179.191

The promosis.com site, however, is an all-Flash site that says they've
developed promo campaigns for Bose, Oracle, art.com, Forbes etc.
Looks legit ..

Any idea?  Something that works when NS is changed couldn't be spyware
on the guy's PC though he is a newbie to Linux, and is surfing the net
using Firefox on a Windows PC

-- 
Suresh Ramasubramanian ([email protected])
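
Added example, not part of the original message: a check for the symptom reported above, where one resolver returns a single address for several unrelated names while a second resolver disagrees. The resolver answers are constructed sample data; only 66.151.179.147 and the four domain names come from the post, and the function name and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data: A records as returned by two resolvers.
# 66.151.179.147 is the address reported in the post; the 192.0.2.x and
# 198.51.100.x addresses are documentation-range placeholders, not the
# sites' real addresses.
SUSPECT = {
    "gnomefiles.org": {"66.151.179.147"},
    "gnome-look.org": {"66.151.179.147"},
    "gforge.org": {"66.151.179.147"},
    "mantisbt.org": {"66.151.179.147"},
    "example.net": {"198.51.100.7"},
}
REFERENCE = {
    "gnomefiles.org": {"192.0.2.10"},
    "gnome-look.org": {"192.0.2.11"},
    "gforge.org": {"192.0.2.12"},
    "mantisbt.org": {"192.0.2.13"},
    "example.net": {"198.51.100.7"},
}

def find_collapsed_answers(suspect, reference, min_names=3):
    """Return {ip: sorted names} for addresses that the suspect resolver
    hands out for at least min_names names while the reference resolver
    returns no overlapping address for those names."""
    by_ip = defaultdict(set)
    for name, ips in suspect.items():
        ref_ips = reference.get(name)
        if ref_ips is None:
            continue  # no baseline to compare against
        if ips & ref_ips:
            continue  # resolvers agree on at least one address
        for ip in ips:
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in find_collapsed_answers(SUSPECT, REFERENCE).items():
        print(f"{ip}: {len(names)} names disagree with reference: "
              + ", ".join(names))
```

Requiring disagreement with the reference resolver keeps shared hosting, where many names legitimately map to one address, from being flagged; names served from geographically varying address pools can still differ between resolvers and need a manual look.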