[79999] in North American Network Operators' Group
Re: Promosis? Who are these guys?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Apr 20 05:11:41 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: Nanog <nanog@nanog.org>
Date: Wed, 20 Apr 2005 11:11:10 +0200
In-Reply-To: <bb0e440a05042000081e5e6f49@mail.gmail.com> (Suresh
Ramasubramanian's message of "Wed, 20 Apr 2005 12:38:18 +0530")
Errors-To: owner-nanog@merit.edu

* Suresh Ramasubramanian:

> Any idea?

SANS would call this a DNS cache poisoning attack. 8-) It seems that
ns*.dnsauthority.com uses the shortcut I mentioned earlier.

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com de ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31561
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;de. IN NS
;; ANSWER SECTION:
de. 14400 IN NS ns4.dnsauthority.com.
de. 14400 IN NS ns5.dnsauthority.com.
;; Query time: 120 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:08:47 2005
;; MSG SIZE rcvd: 72

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com enyo.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4729
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;enyo.de. IN A
;; ANSWER SECTION:
enyo.de. 14400 IN A 66.151.179.147
;; AUTHORITY SECTION:
de. 14400 IN NS ns4.dnsauthority.com.
de. 14400 IN NS ns5.dnsauthority.com.
;; Query time: 115 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:10:50 2005
;; MSG SIZE rcvd: 93