[154144] in North American Network Operators' Group
RE: DNS poisoning at Google?
daemon@ATHENA.MIT.EDU (Matthew Black)
Wed Jun 27 00:25:12 2012
From: Matthew Black <Matthew.Black@csulb.edu>
To: Landon Stewart <lstewart@superb.net>
Date: Wed, 27 Jun 2012 04:24:26 +0000
In-Reply-To: <CABgOHgv0xZpot5oHG7RtfCJRBfMCj15GxYHR_kdJtL_PDua9YQ@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Running Apache on three Solaris webservers behind a load balancer. No MS Windows!
Not sure how malicious software could get between our load balancer and Unix servers. Thanks for the tip!
matthew black
information technology services
california state university, long beach
From: Landon Stewart [mailto:lstewart@superb.net]
Sent: Tuesday, June 26, 2012 9:07 PM
To: Matthew Black
Cc: nanog@nanog.org
Subject: Re: DNS poisoning at Google?
Is it possible that some malicious software is listening and injecting a redirect on the wire? We've seen this before with a Windows machine being infected.
On 26 June 2012 20:53, Matthew Black <Matthew.Black@csulb.edu> wrote:
Google Safe Browsing and Firefox have marked our website as containing malware. They claim our home page returns no results, but redirects users to another compromised website couchtarts.com.
We have thoroughly examined our root .htaccess and httpd.conf files and are not redirecting to the problem target site. No recent changes either.
We ran some NSLOOKUPs against various public DNS servers and intermittently get results that are NOT our servers.
We believe the DNS servers used by Google's crawler have been poisoned.
Can anyone shed some light on this?
matthew black
information technology services
california state university, long beach
www.csulb.edu
--
Landon Stewart <LStewart@Superb.Net>
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net