Security Incidents mailing list archives

More Info: DNS poisoning to Korean address


From: Iso Mage <iso () trashcan org>
Date: Wed, 14 May 2003 09:52:39 -0400

On Tue, May 13, 2003 at 11:56:10AM -0400, Iso Mage scribed to incidents () securityfocus com:

> We're experiencing DNS resolution of some internal and external
> (www.boston.com) sites to 211.202.1.43, and it looks like our mail
> servers have a pile of emails destined for that address (checking into
> it now).

We found that the site 211.202.1.104 is running a DNS server which
replies back to any lookup with an answer of 211.202.1.43.  We're
looking now to see if this IP is somehow being pointed to by our DNS
servers.


> Interestingly, boston.com seems to have removed their DNS records from
> the net.

We've found this to be unrelated.  There was a reported fiber link cut
by the BigDig project that knocked several Boston-based sites off the net.

Regards,

Iso
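
The symptom reported above, unrelated names all resolving to one address, can be checked for in resolver logs. The following is an added example, not part of the original post; the log line format, the example.* names and the 192.0.2.10 address are constructed, and grouping names by their last two labels is a simplifying assumption.

```python
import re
from collections import defaultdict

# Constructed resolver log lines (format is an assumption, not from the post).
SAMPLE_LOG = """\
2003-05-13T11:40:02 query=www.boston.com type=A answer=211.202.1.43
2003-05-13T11:40:05 query=mail.example.org type=A answer=211.202.1.43
2003-05-13T11:40:09 query=intranet.example.net type=A answer=211.202.1.43
2003-05-13T11:40:11 query=www.example.com type=A answer=192.0.2.10
2003-05-13T11:40:15 query=ftp.example.com type=A answer=192.0.2.10
2003-05-13T11:40:20 query=mx1.example.org type=A answer=211.202.1.43
"""

LINE_RE = re.compile(
    r"query=(?P<name>\S+)\s+type=A\s+answer=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def base_domain(name):
    """Crude grouping key: the last two labels of the queried name."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def parse_answers(log_text):
    """Yield (queried name, answer IP) pairs; non-matching lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("name"), m.group("ip")

def find_catch_all_answers(pairs, min_domains=3):
    """Return {ip: sorted base domains} for IPs that answered for at least
    min_domains different base domains."""
    domains_by_ip = defaultdict(set)
    for name, ip in pairs:
        domains_by_ip[ip].add(base_domain(name))
    return {ip: sorted(d) for ip, d in domains_by_ip.items()
            if len(d) >= min_domains}

if __name__ == "__main__":
    hits = find_catch_all_answers(parse_answers(SAMPLE_LOG))
    for ip, domains in hits.items():
        print(f"{ip} answered for {len(domains)} domains: {', '.join(domains)}")
```

Shared hosting and load balancers also put many domains behind one address, so a hit is a lead to verify against an independent resolver rather than proof of poisoning.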
