Promosis? Who are these guys?
Florian Weimer
fw at deneb.enyo.de
Wed Apr 20 09:11:10 UTC 2005
* Suresh Ramasubramanian:
> Any idea?
SANS would call this a DNS cache poisoning attack. 8-) It seems that
ns*.dnsauthority.com uses the shortcut I mentioned earlier.

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com de ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31561
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;de. IN NS
;; ANSWER SECTION:
de. 14400 IN NS ns4.dnsauthority.com.
de. 14400 IN NS ns5.dnsauthority.com.
;; Query time: 120 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:08:47 2005
;; MSG SIZE rcvd: 72

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com enyo.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4729
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;enyo.de. IN A
;; ANSWER SECTION:
enyo.de. 14400 IN A 66.151.179.147
;; AUTHORITY SECTION:
de. 14400 IN NS ns4.dnsauthority.com.
de. 14400 IN NS ns5.dnsauthority.com.
;; Query time: 115 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:10:50 2005
;; MSG SIZE rcvd: 93
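
Added example, not part of the original message: a bailiwick check run over the record sections of the second dig response above, flagging the de. NS records a resolver should not cache from this server. The function names and the choice of enyo.de as the zone the resolver was referred to are assumptions made for illustration.

```python
# Added example (not from the original post): bailiwick check on dig output.

def norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.rstrip(".").lower()

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name beneath it."""
    owner, zone = norm(owner), norm(zone)
    return zone == "" or owner == zone or owner.endswith("." + zone)

def parse_sections(dig_text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig output."""
    sections, current = {}, None
    for line in (l.strip() for l in dig_text.splitlines()):
        if line.startswith(";; ") and line.endswith("SECTION:"):
            current = line[3:].split()[0]          # ANSWER, AUTHORITY, ...
            sections[current] = []
        elif current and line and not line.startswith(";"):
            fields = line.split(None, 4)           # owner ttl class type rdata
            if len(fields) == 5 and fields[1].isdigit():
                sections[current].append(
                    (fields[0], int(fields[1]), fields[3], fields[4]))
    return sections

def out_of_bailiwick(dig_text, zone):
    """Records whose owner lies outside `zone`; a resolver should drop these."""
    return [(sec, owner, rtype, rdata)
            for sec, records in parse_sections(dig_text).items()
            for owner, _ttl, rtype, rdata in records
            if not in_bailiwick(owner, zone)]

# Record sections of the second response in the message above.
SAMPLE = """\
;; QUESTION SECTION:
;enyo.de. IN A
;; ANSWER SECTION:
enyo.de. 14400 IN A 66.151.179.147
;; AUTHORITY SECTION:
de. 14400 IN NS ns4.dnsauthority.com.
de. 14400 IN NS ns5.dnsauthority.com.
"""

if __name__ == "__main__":
    # Assumption: the resolver was referred to this server for enyo.de only.
    for hit in out_of_bailiwick(SAMPLE, "enyo.de"):
        print("out of bailiwick:", *hit)
```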