DNS poisoning at Google?

Matthew Black Matthew.Black at csulb.edu
Wed Jun 27 05:33:28 UTC 2012


Yes, thanks. I'll have to read up on that.

My e-mail was showing extra stuff at the end of the sample command lines, which confused me:

Airy:~ user$ curl -e 'http://google.com' csulb.edu <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
...................................................###############################################################

Sigh, I just Outlook not to strip extra line breaks.


matthew black
information technology services
california state university, long beach



-----Original Message-----
From: John Levine [mailto:johnl at iecc.com] 
Sent: Tuesday, June 26, 2012 10:30 PM
To: nanog at nanog.org
Cc: Matthew Black
Subject: Re: DNS poisoning at Google?

In article <ED78B1C68B84A14FA706D13A230D7B431954E95B at ITS-MAIL01.campus.ad.csulb.edu> you write:
>I'm not familiar with curl and don't understand what I type and what 
>are results. Are you suggesting that when google refers to our website, we pick that up and redirect to couchtarts?

curl is a command line www client that's worth knowing about.

And I observe the same thing, using my own local DNS cache -- if I fetch the home page from csulb.edu or www.csulb.edu with Google as the referrer, it returns a page that redirects to couchtarts.

Sorry, dude, you've been pwn3d.

R's,
John


>Airy:~ user$ curl -e 'http://google.com' csulb.edu <!DOCTYPE HTML 
>PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
><title>301 Moved Permanently</title>
></head><body>
><h1>Moved Permanently</h1>
><p>The document has moved <a 
>href="http://www.couchtarts.com/media.php">here</a>.</p>
></body></html>
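
The check described in this thread, fetching the same page with and without a Google referrer and comparing the results, as an added example that is not part of the original messages. The function names (`probe`, `host_of`, `classify`) are hypothetical, the script is meant for a site you operate, and it assumes a curl recent enough to support the `%{redirect_url}` write-out variable.

```shell
# Added example: detect referrer-conditional redirects on your own site.
# probe URL [REFERER] -> prints "HTTP_CODE REDIRECT_URL" (URL empty if none).
probe() {
    local url="$1" referer="${2:-}"
    if [ -n "$referer" ]; then
        curl -s -o /dev/null --max-time 10 -e "$referer" \
             -w '%{http_code} %{redirect_url}' "$url"
    else
        curl -s -o /dev/null --max-time 10 \
             -w '%{http_code} %{redirect_url}' "$url"
    fi
}

# host_of URL -> lower-cased host, without scheme, userinfo, port or path.
host_of() {
    local u="${1#*://}"
    u="${u%%/*}"; u="${u##*@}"; u="${u%%:*}"
    printf '%s' "$u" | tr 'A-Z' 'a-z'
}

# classify SITE_DOMAIN PLAIN_RESULT REFERER_RESULT
#   consistent        both fetches agree
#   offsite-redirect  only the referrer fetch redirects, to a foreign host
#   differs           responses differ, but not by an off-site redirect
classify() {
    local site="$1" plain="$2" withref="$3" code loc h
    if [ "$plain" = "$withref" ]; then echo consistent; return 0; fi
    code="${withref%% *}"; loc="${withref#* }"
    case "$code" in
        3??) h="$(host_of "$loc")" ;;
        *)   echo differs; return 0 ;;
    esac
    if [ -z "$h" ]; then echo differs; return 0; fi
    case "$h" in
        "$site"|*."$site") echo differs ;;
        *)                 echo offsite-redirect ;;
    esac
}

# Live use: sh check.sh URL SITE_DOMAIN [REFERER]
if [ "$#" -ge 2 ]; then
    classify "$2" "$(probe "$1")" "$(probe "$1" "${3:-http://google.com}")"
fi
```

An `offsite-redirect` result matches what the thread observed: a 301 to another domain that only appears when the referrer is set.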



