[145009] in North American Network Operators' Group
Re: Earthlink Contact - DNS cache poisoning
daemon@ATHENA.MIT.EDU (Will Dean)
Sat Sep 24 21:21:56 2011
From: Will Dean <will@willscorner.net>
In-Reply-To: <CAL9jLaa+1yFZ-+Shk32aRP-Fs1YN_KJ38Bgt-91nNhDUXF3UMw@mail.gmail.com>
Date: Sat, 24 Sep 2011 21:21:49 -0400
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 24, 2011, at 9:07 PM, Christopher Morrow wrote:
> On Sat, Sep 24, 2011 at 8:51 PM, Jimmy Hess <mysidia@gmail.com> wrote:
> I think actually.. earthlink uses barefruit? (or they did when ...
> kaminsky was off doing his destruction of the dns liars gangs...)
> Maybe the same backend is used though for the advertizer side?
> (barefruit provides the appliance, some third-party is the
> advertiser/website-host... same for paxfire?)
>=20
Barefruit was just for returning a search engine result for a NXDOMAIN =
response.
It appears Earthlink is now using Paxfire to sniff and proxy a users =
traffic to at least one popular website. Besides the obvious privacy =
implications, it introduces a nice captcha on Google.
- Will=
