nanog mailing list archives
Re: No DNS poisoning at Google (in case of trouble, blame the DNS)
From: Ryan Rawdon <ryan () u13 net>
Date: Wed, 27 Jun 2012 10:30:47 -0400
On Jun 27, 2012, at 10:10 AM, Ryan Rawdon wrote:
On Jun 27, 2012, at 9:26 AM, Jason Hellenthal wrote:
What would be nice is to see the contents of the htaccess file (obviously with sensitive information excluded)
I cleaned up compromises similar to this in a customer site fairly recently. In our case it was the same exact behavior but was PHP injected into their application, instead of .htaccess. I do not recall what the original compromise vector was; it was something in the customer's custom application which they resolved. It looked like the malware did a find and replace for <?php and replaced it with:
<snipped>
http://r.u13.net/permatemp/forefront.png
My message may have gotten caught as spam/malicious by filters. Not sure if it caught the base64 or plaintext so I snipped both. You can view my original message in the archives at http://mailman.nanog.org/pipermail/nanog/2012-June/049612.html
(where brugge.osa.pl was the destination for the redirects in the compromise of this customer site)
On Wed, Jun 27, 2012 at 10:14:12AM -0300, Arturo Servin wrote:
<snip>
--
- (2^(N-1))