nanog mailing list archives
Re: Earthlink Contact - DNS cache poisoning
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Sat, 24 Sep 2011 21:07:16 -0400
On Sat, Sep 24, 2011 at 8:51 PM, Jimmy Hess <mysidia () gmail com> wrote:
On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will () willscorner net> wrote: The "JOMAX.NET" response is indicative that there's a Paxfire box in the mix, intercepting the DNS query (probably installed by the ISP).
I think actually.. earthlink uses barefruit? (or they did when ... kaminsky was off doing his destruction of the dns liars gangs...) Maybe the same backend is used though for the advertizer side? (barefruit provides the appliance, some third-party is the advertiser/website-host... same for paxfire?)
Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.;; AUTHORITY SECTION: www.google.com. 65535 IN NS WSC2.JOMAX.NET. www.google.com. 65535 IN NS WSC1.JOMAX.NET.-- -JH
Current thread:
- Earthlink Contact - DNS cache poisoning Will Dean (Sep 24)
- Re: Earthlink Contact - DNS cache poisoning Jimmy Hess (Sep 24)
- Re: Earthlink Contact - DNS cache poisoning Christopher Morrow (Sep 24)
- Re: Earthlink Contact - DNS cache poisoning Will Dean (Sep 24)
- Re: Earthlink Contact - DNS cache poisoning Christopher Morrow (Sep 24)
- Re: Earthlink Contact - DNS cache poisoning Christopher Morrow (Sep 24)
- Re: Earthlink Contact - DNS cache poisoning Jimmy Hess (Sep 24)