.mn.rr.com dns possibly hacked?

Carlos Heller carlosh at de.colt.net
Sun Mar 11 00:37:06 UTC 2001



Hello,


maybe an spoofing Attack.....

cu
	(C)arlos

On Sat, Mar 10, 2001 at 01:28:06PM -0600, Kevin Day wrote:
> Delivered-To: carlosh at de.colt.net
> Delivered-To: nanog-outgoing at merit.edu
> From: Kevin Day <toasty at temphost.dragondata.com>
> Subject: .mn.rr.com dns possibly hacked?
> To: nanog at merit.edu
> Date: Sat, 10 Mar 2001 13:28:06 -0600 (CST)
> X-Mailer: ELM [version 2.5 PL3]
> Precedence: bulk
> Errors-To: owner-nanog-outgoing at merit.edu
> X-Loop: nanog
> 
> 
> One of my customers, who's got a cable modem off of mn.rr.com is reporting
> that roughly half the DNS lookups being done on their servers are returning 
> the IP to www.lolitasex.com. I have no idea how widespread this is, but
> apparently others in minneapolis are seeing the same thing.
> 
> If any of you have customers asking why their website is now a porn site,   
> this may be why. :)
> 
> -- Kevin
> 

-- 
___ ___ ___ ___
\C/ \O/ \L/ \T/ (C)arlos Heller (carlosh at de.colt.net) - COLT TELECOM GmbH
 V   V   V   V  Fon +49 69 95958 0 - Fax +49 69 959598 6350




More information about the NANOG mailing list