i have to say i never thought about the corp.com being an issues for corp internal websites aka FQDN (aka adding corp at the end of it). i can see now by adding a wild card for corp could cause major issues.

Your domain generics was a good buy up in the 90's (wish i had thought of it.

cole

I have lots of other domains -- but they aren't super-premium generics like those. They're things like APrairieHaven.com, BugLunch.com, BlipTrips.com. Goofy names, some of which have web sites, some that are just crazy ideas.

7. Do you have other domains?

This is a generic page, so I don't know which domain you got here from. Here's a list of the names that get a lot of hits;

Corp.com
Bar.com

corp.com and bar.com Hotlink is one hotlink not 2 if you click corp or bar it takes you to bar.

Cole

are they really just using "corp.com" as the internal domain? egad… it's no wonder their external users have slow logins. first they hit my site, on a goofy port. then, after that attempt takes a while to time out, the external user goes and looks up the internal address from the Windows server. i would guess it takes at least 30 seconds for the first try to time out -- maybe more. i'd be happy to testify to your client.

if you want, we could do something with a sniffer on my end. if you and i conspire on an exact time, i could fire up the sniffer and capture the login-attempt packets that are hitting my server. you could tell me IP address and port ranges to filter for. i could list out the hits. maybe that would be enough...

another avenue towards "proof" (besides spending a quarter to buy them a clue) is this report from ICANN's SSAC (security and stability advisory committee) which provides a top-10 list of DNS queries by misconfigured servers. "corp" is in that list. not quite the same as your gang (since the worst offender is the string "corp" rather than "corp.com") but close. and i can tell you fersure that "corp.com" gets a **LOT** of traffic from folks like your gang that have pounded that into their configurations. here's the link to the SSAC report

http://www.icann.org/en/committees/security/sac045.pdf

i'll ping you by email so we can continue this discussion...

a) There isn't much I can do if you're a system-administrator and your predecessor used one of my domains to route internal traffic. Liz is on the right track -- best to get a domain for your organization and use that instead. In Liz's case, the problem is the CORP.COM thingy on the end of that big long domain name -- I prod the corp.com domain with a stick every once in a while and odd things happen when I do.

b) There isn't much I can do if a spammer/spoofer Bad Guy uses BAR.COM INSIDE their big long domain name -- their traffic won't come to me, it'll go to web-address-bar.com which is a different domain but LOOKS like bar.com. If the bad-guy traffic goes to web-address.bar.com, I'm happy to forward it to any authority-figure that asks.

The authorities (FBI, Interpol, Justice Department, CIA, you name it) know this stuff. None of them have *ever* called me.

As this is clearly a phishing operation I will report you to the authorities

BE READY FOR THE FBI SOON!