[145007] in North American Network Operators' Group


Re: Earthlink Contact - DNS cache poisoning

daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sat Sep 24 20:51:56 2011

In-Reply-To: <4AA82A6A-0588-49ED-B5BF-D39B94B50DA4@willscorner.net>
Date: Sat, 24 Sep 2011 19:51:11 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Will Dean <will@willscorner.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will@willscorner.net> wrote:

The "JOMAX.NET" response is indicative that there's a Paxfire box in the mix, intercepting the DNS query (probably installed by the ISP).


> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.
>
> ;; AUTHORITY SECTION:
> www.google.com.         65535   IN      NS      WSC2.JOMAX.NET.
> www.google.com.         65535   IN      NS      WSC1.JOMAX.NET.


--
-JH
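
A defender-side check for the pattern in the quoted dig output, as an added example that is not part of the original message: it parses an AUTHORITY section and flags NS records for a watched domain whose nameservers fall outside the zones the operator expects. The allowlist, the function names and the "host below the apex" heuristic are assumptions; the sample input is constructed from the two records quoted above.

```python
import re

# Constructed sample: the AUTHORITY section quoted in the message above.
SAMPLE = """\
;; AUTHORITY SECTION:
www.google.com.         65535   IN      NS      WSC2.JOMAX.NET.
www.google.com.         65535   IN      NS      WSC1.JOMAX.NET.
"""

# Assumption: operator-maintained allowlist mapping a watched zone to the
# zones its nameservers are expected to live in.
EXPECTED_NS_ZONES = {"google.com.": ("google.com.",)}

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$", re.I)

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (both fully qualified)."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)

def parse_authority(text):
    """Return (owner, ttl, target) for NS records in the AUTHORITY section."""
    records, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            # Section headers switch parsing on or off.
            active = "AUTHORITY SECTION" in line
            continue
        m = RR.match(line) if active else None
        if m:
            records.append((m.group(1).lower(), int(m.group(2)), m.group(3).lower()))
    return records

def suspicious(records, expected=EXPECTED_NS_ZONES):
    """Flag NS records for watched zones that do not match expectations."""
    findings = []
    for owner, ttl, target in records:
        for zone, ns_zones in expected.items():
            if not in_zone(owner, zone):
                continue
            reasons = []
            if owner != zone.lower():
                # Heuristic only: subdomains can be delegated legitimately.
                reasons.append("NS set on a host name below the zone apex")
            if not any(in_zone(target, z) for z in ns_zones):
                reasons.append("nameserver outside expected zones")
            if reasons:
                findings.append((owner, target, ttl, reasons))
    return findings
```
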

