[35879] in North American Network Operators' Group


RE: .mn.rr.com dns possibly hacked?

daemon@ATHENA.MIT.EDU (Michelle T)
Sat Mar 17 10:40:31 2001

From: "Michelle T" <mtruman@mn.mediaone.net>
To: "John Payne" <john@sackheads.org>,
	"Kevin Day" <toasty@temphost.dragondata.com>
Cc: <nanog@merit.edu>
Date: Sat, 17 Mar 2001 09:42:22 -0600
Message-ID: <JDEJLPGHKIKCMOAFHGPNOELACBAA.mtruman@mn.mediaone.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20010310125430.S15171@haybaler.sackheads.org>
Errors-To: owner-nanog-outgoing@merit.edu


I use my Minneapolis (actually St Paul) RR Cable modem every day, all day
long for VPN access as well as personal use. Haven't seen a single problem
with DNS resolution using mn.rr.com. I suppose it is possible that Mpls and
St Paul use different servers. I believe their primary is my secondary.

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
John Payne
Sent: Saturday, March 10, 2001 2:55 PM
To: Kevin Day
Cc: nanog@merit.edu
Subject: Re: .mn.rr.com dns possibly hacked?



On Sat, Mar 10, 2001 at 01:28:06PM -0600, Kevin Day wrote:
>
> One of my customers, who's got a cable modem off of mn.rr.com is reporting
> that roughly half the DNS lookups being done on their servers are returning
> the IP to www.lolitasex.com. I have no idea how widespread this is, but
> apparently others in Minneapolis are seeing the same thing.

Is he running his own caching nameserver, or Roadrunner's?

I expect someone needs to upgrade their nameserver.

--
John Payne      http://www.sackheads.org/jpayne/    john@sackheads.org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header


