Security Incidents mailing list archives
RE: DNS CACHE POISONING? - Our Portal is redirecting to our first competition
From: "Boaz Shunami" <BoazS () comsecglobal com>
Date: Wed, 23 Jan 2008 07:53:34 +0200
Hi Some questions you need to ask yourself. Maybe one of the proxy servers got poisoned and not the DNS server? Maybe it's a HTTP Response Splitting attack? We have seen a similar issue awhile ago and it was caused by a mistake of a developer and not by malicious activity... Is it from several different locations or from a single location? Try to reach your site using web proxies and see if you still get the same problem so you know for sure the problem is on your servers. Do you have any substantial evidence as to who has done it? Best Regards, Boaz Shunami Comsec Consulting -----Original Message----- From: ponchovaldes () gmail com [mailto:ponchovaldes () gmail com] Sent: Tuesday, January 22, 2008 2:56 AM To: incidents () securityfocus com Subject: eSafe quarantine: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Hello guys, we have a social network that is getting stronger, but we are having an issue. And the issue is that Sometimes... our page redirects to another Portal, actually the page that redirects is our first competition,here in Latino America, i know that they are causing that kind of mess.. so we thought in this. - We know that our DNS server is ok, and havent been compromised, - DNS cache poisoning - Malware ? - some kind of virus that the guys(bad) made. ( the other portal - social network-) - Other soolution? sue them? HElp guys.. this thing is taking out alot of users :( thanks in advance! Cheers from México ********************************************************************************************** IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error, please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies thereof. *** eSafe scanned this email for viruses, vandals, and malicious content. *** **********************************************************************************************
Current thread:
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, (continued)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Valdis . Kletnieks (Jan 29)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Eduardo Tongson (Jan 30)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Graeme Fowler (Jan 30)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jason Stelzer (Jan 30)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Eduardo Tongson (Jan 31)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jamie Riden (Jan 31)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Eduardo Tongson (Jan 31)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Eduardo Tongson (Jan 28)
- Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jon R. Kibler (Jan 28)