Earthlink Contact - DNS cache poisoning

Jimmy Hess mysidia at
Sat Sep 24 19:51:11 CDT 2011

On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will at> wrote:

The  "JOMAX.NET"  response is  indicative that there's a  Paxfire box
in the mix,
intercepting the DNS query  (probably installed by the ISP).

> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on

>         65535   IN      NS      WSC2.JOMAX.NET.
>         65535   IN      NS      WSC1.JOMAX.NET.


More information about the NANOG mailing list