Security Incidents mailing list archives

RE: Superkay.com:888

From: "Dave Hart" <davehart () davehart com>
Date: Wed, 19 Sep 2001 02:58:01 -0000

I'll bet your DNS server is the root of that problem.  See what IP(s)
www.cnn.com or www.oracle.com resolves to on a machine that sees this
problem.  I'll bet it's not what it resolves to on a machine without the
problem.  If your DNS server is NT or Windows 2000 see
http://www.cert.org/incident_notes/IN-2001-11.html

FYI here's what they resolve to for me (and I don't get redirected to
superkay):

Name:    bigip-www.us.oracle.com
Address:  148.87.9.44
Aliases:  www.oracle.com

Name:    cnn.com
Addresses:  207.25.71.27, 207.25.71.29, 64.12.50.153, 64.12.50.249
          64.12.48.217, 64.12.48.249, 64.12.50.121, 207.25.71.5,
64.12.50.217
          207.25.71.25
Aliases:  www.cnn.com

Dave Hart

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

Superkay.com:888 Richard Bradford (Sep 18)
- Re: Superkay.com:888 sanghun (Sep 18)
- <Possible follow-ups>
- RE: Superkay.com:888 Dave Hart (Sep 18)