nanog mailing list archives
Re: .mn.rr.com dns possibly hacked?
From: Carlos Heller <carlosh () de colt net>
Date: Sun, 11 Mar 2001 01:37:06 +0100
Hello,
maybe an spoofing Attack.....
cu
(C)arlos
On Sat, Mar 10, 2001 at 01:28:06PM -0600, Kevin Day wrote:
Delivered-To: carlosh () de colt net Delivered-To: nanog-outgoing () merit edu From: Kevin Day <toasty () temphost dragondata com> Subject: .mn.rr.com dns possibly hacked? To: nanog () merit edu Date: Sat, 10 Mar 2001 13:28:06 -0600 (CST) X-Mailer: ELM [version 2.5 PL3] Precedence: bulk Errors-To: owner-nanog-outgoing () merit edu X-Loop: nanog One of my customers, who's got a cable modem off of mn.rr.com is reporting that roughly half the DNS lookups being done on their servers are returning the IP to www.lolitasex.com. I have no idea how widespread this is, but apparently others in minneapolis are seeing the same thing. If any of you have customers asking why their website is now a porn site, this may be why. :) -- Kevin
-- ___ ___ ___ ___ \C/ \O/ \L/ \T/ (C)arlos Heller (carlosh () de colt net) - COLT TELECOM GmbH V V V V Fon +49 69 95958 0 - Fax +49 69 959598 6350
Current thread:
- .mn.rr.com dns possibly hacked? Kevin Day (Mar 10)
- Re: .mn.rr.com dns possibly hacked? John Payne (Mar 10)
- RE: .mn.rr.com dns possibly hacked? Michelle T (Mar 17)
- RE: .mn.rr.com dns possibly hacked? Michelle T (Mar 17)
- Re: .mn.rr.com dns possibly hacked? Carlos Heller (Mar 10)
- Re: .mn.rr.com dns possibly hacked? John Payne (Mar 10)