RE: DNS poisoning at Google?

[Matthew Black <Matthew.Black () csulb edu>]

Yes, thanks. I'll have to read up on that.

My e-mail was showing extra stuff at the end of the sample command lines, which confused me:

Airy:~ user$ curl -e 'http://google.com&apos; csulb.edu <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
...................................................###############################################################

Sigh, I just Outlook not to strip extra line breaks.


matthew black
information technology services
california state university, long beach



-----Original Message-----
From: John Levine [mailto:johnl () iecc com] 
Sent: Tuesday, June 26, 2012 10:30 PM
To: nanog () nanog org
Cc: Matthew Black
Subject: Re: DNS poisoning at Google?

In article <ED78B1C68B84A14FA706D13A230D7B431954E95B () ITS-MAIL01 campus ad csulb edu> you write:
> I'm not familiar with curl and don't understand what I type and what 
> are results. Are you suggesting that when google refers to our website, we pick that up and redirect to couchtarts?

curl is a command line www client that's worth knowing about.

And I observe the same thing, using my own local DNS cache -- if I fetch the home page from csulb.edu or www.csulb.edu 
with Google as the referrer, it returns a page that redirects to couchtarts.

Sorry, dude, you've been pwn3d.

R's,
John


> Airy:~ user$ curl -e 'http://google.com&apos; csulb.edu <!DOCTYPE HTML 
> PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
> <title>301 Moved Permanently</title>
> </head><body>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a 
> href="http://www.couchtarts.com/media.php";>here</a>.</p>
> </body></html>