Earthlink Contact - DNS cache poisoning

Will Dean will at willscorner.net
Sun Sep 25 01:21:49 UTC 2011


On Sep 24, 2011, at 9:07 PM, Christopher Morrow wrote:

> On Sat, Sep 24, 2011 at 8:51 PM, Jimmy Hess <mysidia at gmail.com> wrote:
> I think actually.. earthlink uses barefruit? (or they did when ...
> kaminsky was off doing his destruction of the dns liars gangs...)
> Maybe the same backend is used though for the advertiser side?
> (barefruit provides the appliance, some third-party is the
> advertiser/website-host... same for paxfire?)
> 

Barefruit was just for returning a search engine result for an NXDOMAIN response.

It appears Earthlink is now using Paxfire to sniff and proxy a user's traffic to at least one popular website. Besides the obvious privacy implications, it introduces a nice captcha on Google.

- Will


