Earthlink Contact - DNS cache poisoning
morrowc.lists at gmail.com
Sun Sep 25 01:07:16 UTC 2011
On Sat, Sep 24, 2011 at 8:51 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> On Sat, Sep 24, 2011 at 7:43 PM, Will Dean <will at willscorner.net> wrote:
> The "JOMAX.NET" response is indicative that there's a Paxfire box
> in the mix,
> intercepting the DNS query (probably installed by the ISP).
I think actually.. earthlink uses barefruit? (or they did when ...
kaminsky was off doing his destruction of the dns liars gangs...)
Maybe the same backend is used though for the advertizer side?
(barefruit provides the appliance, some third-party is the
advertiser/website-host... same for paxfire?)
>> Anyone out there in Earthlink land? I am seeing what looks to be a cache poisoning attack on ns1.mindspring.com.
>> ;; AUTHORITY SECTION:
>> www.google.com. 65535 IN NS WSC2.JOMAX.NET.
>> www.google.com. 65535 IN NS WSC1.JOMAX.NET.
More information about the NANOG