Earthlink Contact - DNS cache poisoning

Jimmy Hess mysidia at gmail.com
Sat Sep 24 19:51:11 CDT 2011


On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will at willscorner.net> wrote:

The  "JOMAX.NET"  response is  indicative that there's a  Paxfire box
in the mix,
intercepting the DNS query  (probably installed by the ISP).


> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.

> ;; AUTHORITY SECTION:
> www.google.com.         65535   IN      NS      WSC2.JOMAX.NET.
> www.google.com.         65535   IN      NS      WSC1.JOMAX.NET.


--
-JH



More information about the NANOG mailing list