Earthlink Contact - DNS cache poisoning

Christopher Morrow morrowc.lists at gmail.com
Sun Sep 25 01:35:48 UTC 2011


On Sat, Sep 24, 2011 at 9:21 PM, Will Dean <will at willscorner.net> wrote:
>
> On Sep 24, 2011, at 9:07 PM, Christopher Morrow wrote:
>
>> On Sat, Sep 24, 2011 at 8:51 PM, Jimmy Hess <mysidia at gmail.com> wrote:
>> I think actually.. earthlink uses barefruit? (or they did when ...
>> kaminsky was off doing his destruction of the dns liars gangs...)
>> Maybe the same backend is used though for the advertiser side?
>> (barefruit provides the appliance, some third-party is the
>> advertiser/website-host... same for paxfire?)
>>
>
> Barefruit was just for returning a search engine result for a NXDOMAIN response.

ah, paxfire does the same...

>
> It appears Earthlink is now using Paxfire to sniff and proxy a user's traffic to at least one popular website. Besides the obvious privacy implications, it introduces a nice captcha on Google.

hrm, they could simply use the appliances to answer: "www.google.com
-> jomax.net-ns-answer" which is a frontend simply 30[24]'ing off to
the jomax-esque site... Oh, you get the captcha though via earthlink?
that sucks :(

-chris



