[dns-operations] AT&T DNS Cache Poisoning?
tim at bobbroadband.com
Sat Oct 27 04:23:20 UTC 2012
Any ideas what I can do to help my customer? This is the first time we've ever had something like this...
Director of Engineering
Business Only Broadband
777 Oakmont Lane, Suite 2000, Westmont, IL 60559
Direct: 630.590.6012 | Main: 630.590.6000 | Fax: 630.986.2496
thuffman at bobbroadband.com | http://www.bobbroadband.com/
Cell: 630.340.1925 | Toll-Free Customer Support: 877.262.4553
From: Phil Pennock [mailto:dnsop+phil at spodhuis.org]
Sent: Friday, October 26, 2012 11:14 PM
To: Tim Huffman
Cc: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] AT&T DNS Cache Poisoning?
On 2012-10-27 at 03:36 +0000, Tim Huffman wrote:
> We are the primary DNS servers for the ben.edu domain. We seem to be
> having an issue with an AT&T server that is responding with incorrect
> A records for www.ben.edu and ben.edu.
Definitely looks like a cache-poisoning attack.
Further, compare and contrast:

  curl -vH "Host: www.ben.edu" http://22.214.171.124/

  ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)"
  curl -vH "Host: www.ben.edu" -H "User-Agent: $ua" http://126.96.36.199/