[154142] in North American Network Operators' Group
Re: DNS poisoning at Google?
daemon@ATHENA.MIT.EDU (Sadiq Saif)
Wed Jun 27 00:16:37 2012
In-Reply-To: <CAL-SDLFBPAN_u_t0OaB+4M_7U4LDzWyRg=__z+L43=LbFhKR2Q@mail.gmail.com>
From: Sadiq Saif <sadiq@asininetech.com>
Date: Wed, 27 Jun 2012 00:15:43 -0400
To: Ishmael Rufus <sakamura@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
DNS seems to check out from here. Tested against Google DNS, OpenDNS
and Linode's DNS servers.
According to Google:
"Malicious software is hosted on 1 domain(s), including couchtarts.com/."
Normally, I would say this happens due to malicious ads loaded but
this does not seem to be a site that will contain ads. :)
On Wed, Jun 27, 2012 at 12:12 AM, Ishmael Rufus <sakamura@gmail.com> wrote:
> I am also getting the same issue when accessing his website.
>
> On Tue, Jun 26, 2012 at 11:07 PM, Landon Stewart <lstewart@superb.net> wrote:
>
>> Is it possible that some malicious software is listening and injecting a
>> redirect on the wire? We've seen this before with a Windows machine being
>> infected.
>>
>> On 26 June 2012 20:53, Matthew Black <Matthew.Black@csulb.edu> wrote:
>>
>> > Google Safe Browsing and Firefox have marked our website as containing
>> > malware. They claim our home page returns no results, but redirects users
>> > to another compromised website couchtarts.com.
>> >
>> > We have thoroughly examined our root .htaccess and httpd.conf files and
>> > are not redirecting to the problem target site. No recent changes either.
>> >
>> > We ran some NSLOOKUPs against various public DNS servers and
>> > intermittently get results that are NOT our servers.
>> >
>> > We believe the DNS servers used by Google's crawler have been poisoned.
>> >
>> > Can anyone shed some light on this?
>> >
>> > matthew black
>> > information technology services
>> > california state university, long beach
>> > www.csulb.edu<http://www.csulb.edu>
>> >
>> >
>>
>>
>> --
>> Landon Stewart <LStewart@Superb.Net>
>> Sr. Administrator
>> Systems Engineering
>> Superb Internet Corp - 888-354-6128 x 4199
>> Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
>>
--
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org