Earthlink Contact - DNS cache poisoning
mysidia at gmail.com
Sat Sep 24 19:51:11 CDT 2011
On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will at willscorner.net> wrote:
The "JOMAX.NET" response is indicative that there's a Paxfire box
in the mix,
intercepting the DNS query (probably installed by the ISP).
> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.
> ;; AUTHORITY SECTION:
> www.google.com. 65535 IN NS WSC2.JOMAX.NET.
> www.google.com. 65535 IN NS WSC1.JOMAX.NET.
More information about the NANOG