Security Incidents mailing list archives
More Info: DNS poisoning to Korean address
From: Iso Mage <iso () trashcan org>
Date: Wed, 14 May 2003 09:52:39 -0400
On Tue, May 13, 2003 at 11:56:10AM -0400, Iso Mage scribed to To incidents () securityfocus com:
We're experiencing DNS resolution of some internal and external (www.boston.com) sites to 211.202.1.43, and it looks like our mail servers have a pile of emails destined for that address (checking into it now).
We found that the site 211.202.1.104 is running a DNS server which replies back to any lookup with an answer of 211.202.1.43. We're looking now to see if this IP is somehow being pointed to by our DNS servers.
Interestingly, boston.com seems to have removed their DNS records from the net.
We've found this to be unrelated. There was a reported fiber link cut by the BigDig project that knocked several Boston based sites off the net Regards, Iso ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- DNS poisoning to Korean address Iso Mage (May 13)
- Re: DNS poisoning to Korean address terry white (May 13)
- RE: DNS poisoning to Korean address Mike O'Shaughnessy (May 14)
- More Info: DNS poisoning to Korean address Iso Mage (May 14)
- <Possible follow-ups>
- re: DNS poisoning to Korean address meowbaby (May 15)
- Somewhat OT: DNS poisoning to Korean address Anders Reed Mohn (May 16)
- Re: DNS poisoning to Korean address terry white (May 13)