[35515] in North American Network Operators' Group
Re: .mn.rr.com dns possibly hacked?
daemon@ATHENA.MIT.EDU (Carlos Heller)
Sat Mar 10 19:43:41 2001
Date: Sun, 11 Mar 2001 01:37:06 +0100
From: Carlos Heller <carlosh@de.colt.net>
To: nanog@merit.edu
Message-ID: <20010311013706.A4084@de.colt.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200103101928.NAA79358@temphost.dragondata.com>; from toasty@temphost.dragondata.com on Sat, Mar 10, 2001 at 01:28:06PM -0600
Errors-To: owner-nanog-outgoing@merit.edu
Hello,
maybe an spoofing Attack.....
cu
(C)arlos
On Sat, Mar 10, 2001 at 01:28:06PM -0600, Kevin Day wrote:
> Delivered-To: carlosh@de.colt.net
> Delivered-To: nanog-outgoing@merit.edu
> From: Kevin Day <toasty@temphost.dragondata.com>
> Subject: .mn.rr.com dns possibly hacked?
> To: nanog@merit.edu
> Date: Sat, 10 Mar 2001 13:28:06 -0600 (CST)
> X-Mailer: ELM [version 2.5 PL3]
> Precedence: bulk
> Errors-To: owner-nanog-outgoing@merit.edu
> X-Loop: nanog
>
>
> One of my customers, who's got a cable modem off of mn.rr.com is reporting
> that roughly half the DNS lookups being done on their servers are returning
> the IP to www.lolitasex.com. I have no idea how widespread this is, but
> apparently others in minneapolis are seeing the same thing.
>
> If any of you have customers asking why their website is now a porn site,
> this may be why. :)
>
> -- Kevin
>
--
___ ___ ___ ___
\C/ \O/ \L/ \T/ (C)arlos Heller (carlosh@de.colt.net) - COLT TELECOM GmbH
V V V V Fon +49 69 95958 0 - Fax +49 69 959598 6350
