
I wish they wouldn't censor it at all. Working in network/information security, when I see one of these posts the first thing I do is go into our SIM tool and look to see if any of our clients have been seen talking to this address. I then do a reverse-DNS lookup to find the domain name they have censored to see if our DNS has been talking there. Censoring it just makes my job harder, and defeats the point of the entire blog post.



Ah well. Somebody has already obtained the sample from the URL for us. Most likely brute-forced the address.

http://twitter.com/jduck1337/status/239875285913317376


Reverse-DNS'ing the IP address gave me the URL they mentioned and censored in the article. I didn't want to post it here on HN because this isn't the place for that. I would think FireEye's blog would be that place. I'll have to get with my FireEye sales engineer to see why they censor there.


How did you find the domain through reverse DNS? None of the queries I ran gave any useful results.


I use robtex.com to reverse-DNS [1]. It tells you if the address is listed in any blacklists, what domains are registered there, who owns the network, and where the geographical region of the server is. Listed in the registered domains is something awfully similar to what FireEye has censored out.

[1] http://www.robtex.com/ip/59.120.154.62.html#ip
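
The workflow described in the first comment of this thread (find which clients contacted a published address, then find the domain hosted there and check the DNS logs for it), as an added example that is not from any commenter or from FireEye. The log formats, the address `203.0.113.62`, the domain `censored.example` and the `HOSTED` table standing in for an IP-to-domain lookup are all constructed assumptions.

```python
from collections import defaultdict

IOC_IP = "203.0.113.62"                      # placeholder for the published address
HOSTED = {IOC_IP: ["censored.example"]}      # constructed stand-in for an IP-to-domain lookup

# Constructed firewall log: timestamp, client, destination, port, action
FLOW_LOG = """\
2012-08-27T09:14:02Z 10.1.4.23 203.0.113.62 80 allow
2012-08-27T09:14:05Z 10.1.4.57 198.51.100.9 443 allow
2012-08-27T09:20:41Z 10.1.7.12 203.0.113.62 80 deny
"""
# Constructed resolver log: timestamp, client, query type, query name
DNS_LOG = """\
2012-08-27T09:13:58Z 10.1.4.23 A update.censored.example
2012-08-27T09:15:10Z 10.1.9.40 A Update.Censored.Example.
2012-08-27T09:17:00Z 10.1.4.57 A notcensored.example
"""

def norm(name):
    """Compare DNS names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def flow_hits(log, ioc_ip):
    """Map client -> [(timestamp, action)] for connections to ioc_ip."""
    hits = defaultdict(list)
    for parts in (line.split() for line in log.splitlines()):
        if len(parts) == 5 and parts[2] == ioc_ip:
            hits[parts[1]].append((parts[0], parts[4]))
    return dict(hits)

def dns_hits(log, domains):
    """Map client -> [(timestamp, name)] for queries at or under any domain."""
    wanted = [norm(d) for d in domains]
    hits = defaultdict(list)
    for parts in (line.split() for line in log.splitlines()):
        if len(parts) != 4:
            continue
        q = norm(parts[3])
        if any(q == d or q.endswith("." + d) for d in wanted):
            hits[parts[1]].append((parts[0], q))
    return dict(hits)

def sweep(ioc_ip):
    """Split clients by which log ties them to the indicator."""
    by_ip = set(flow_hits(FLOW_LOG, ioc_ip))
    by_name = set(dns_hits(DNS_LOG, HOSTED.get(ioc_ip, [])))
    return {"ip_and_dns": sorted(by_ip & by_name),
            "ip_only": sorted(by_ip - by_name),
            "dns_only": sorted(by_name - by_ip)}

if __name__ == "__main__":
    print(sweep(IOC_IP))
```

A client in `dns_only` resolved the name without a logged connection to the address, which an address-only search would miss.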



