Earthlink Contact - DNS cache poisoning
Jimmy Hess
mysidia at gmail.com
Sun Sep 25 00:51:11 UTC 2011
On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will at willscorner.net> wrote:
The "JOMAX.NET" response is indicative that there's a Paxfire box
in the mix,
intercepting the DNS query (probably installed by the ISP).
> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.
> ;; AUTHORITY SECTION:
> www.google.com. 65535 IN NS WSC2.JOMAX.NET.
> www.google.com. 65535 IN NS WSC1.JOMAX.NET.
--
-JH
More information about the NANOG
mailing list