[154137] in North American Network Operators' Group
Re: DNS poisoning at Google?
daemon@ATHENA.MIT.EDU (Landon Stewart)
Wed Jun 27 00:07:53 2012
In-Reply-To: <ED78B1C68B84A14FA706D13A230D7B431954DB1B@ITS-MAIL01.campus.ad.csulb.edu>
Date: Tue, 26 Jun 2012 21:07:16 -0700
From: Landon Stewart <lstewart@superb.net>
To: Matthew Black <Matthew.Black@csulb.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Is it possible that some malicious software is listening and injecting a
redirect on the wire? We've seen this before with a Windows machine being
infected.
On 26 June 2012 20:53, Matthew Black <Matthew.Black@csulb.edu> wrote:
> Google Safe Browsing and Firefox have marked our website as containing
> malware. They claim our home page returns no results, but redirects users
> to another compromised website couchtarts.com.
>
> We have thoroughly examined our root .htaccess and httpd.conf files and
> are not redirecting to the problem target site. No recent changes either.
>
> We ran some NSLOOKUPs against various public DNS servers and
> intermittently get results that are NOT our servers.
>
> We believe the DNS servers used by Google's crawler have been poisoned.
>
> Can anyone shed some light on this?
>
> matthew black
> information technology services
> california state university, long beach
> www.csulb.edu<http://www.csulb.edu>
>
>
--
Landon Stewart <LStewart@Superb.Net>
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
