RE: Possible DNS compromise/poisoning?

["Madison, Marc" <mmadison () fnni com>]

This is the correct information for MS.  Perform a search on the address
obtained in your dns query to confirm.



-----Original Message-----
From: full-disclosure-bounces () lists netsys com
[mailto:full-disclosure-bounces () lists netsys com] On Behalf Of
nicholasnam () hush com
Sent: Wednesday, January 05, 2005 8:45 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Possible DNS compromise/poisoning?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is anyone else seeing this:

- --SNIP--
;; QUESTION SECTION:
;www.microsoft.com.             IN      A

;; ANSWER SECTION:
www.microsoft.com.      2415    IN      CNAME
www.microsoft.com.nsatc.net.
- --SNIP--

Notice that www.microsoft.com is a cname for
www.microsoft.com.nsatc.net.  It's not limited to www.microsoft.com and
to the best of my knowledge the correct web content is displayed.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkHb/bwACgkQQOst28rex96r7wCgsFrpGByDC4YOskegpoIOetZsfMQA
oIqgBD6fqzV1t57I/Yh+ayae4Z/Z
=xvDv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html