.mn.rr.com dns possibly hacked?
Carlos Heller
carlosh at de.colt.net
Sun Mar 11 00:37:06 UTC 2001
Hello,
maybe an spoofing Attack.....
cu
(C)arlos
On Sat, Mar 10, 2001 at 01:28:06PM -0600, Kevin Day wrote:
> Delivered-To: carlosh at de.colt.net
> Delivered-To: nanog-outgoing at merit.edu
> From: Kevin Day <toasty at temphost.dragondata.com>
> Subject: .mn.rr.com dns possibly hacked?
> To: nanog at merit.edu
> Date: Sat, 10 Mar 2001 13:28:06 -0600 (CST)
> X-Mailer: ELM [version 2.5 PL3]
> Precedence: bulk
> Errors-To: owner-nanog-outgoing at merit.edu
> X-Loop: nanog
>
>
> One of my customers, who's got a cable modem off of mn.rr.com is reporting
> that roughly half the DNS lookups being done on their servers are returning
> the IP to www.lolitasex.com. I have no idea how widespread this is, but
> apparently others in minneapolis are seeing the same thing.
>
> If any of you have customers asking why their website is now a porn site,
> this may be why. :)
>
> -- Kevin
>
--
___ ___ ___ ___
\C/ \O/ \L/ \T/ (C)arlos Heller (carlosh at de.colt.net) - COLT TELECOM GmbH
V V V V Fon +49 69 95958 0 - Fax +49 69 959598 6350
More information about the NANOG
mailing list