Earthlink Contact - DNS cache poisoning

• Previous message (by thread): Earthlink Contact - DNS cache poisoning
• Next message (by thread): Earthlink Contact - DNS cache poisoning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will at willscorner.net> wrote:

The  "JOMAX.NET"  response is  indicative that there's a  Paxfire box
in the mix,
intercepting the DNS query  (probably installed by the ISP).


> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.

> ;; AUTHORITY SECTION:
> www.google.com.         65535   IN      NS      WSC2.JOMAX.NET.
> www.google.com.         65535   IN      NS      WSC1.JOMAX.NET.


--
-JH

• Previous message (by thread): Earthlink Contact - DNS cache poisoning
• Next message (by thread): Earthlink Contact - DNS cache poisoning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]