> It looks as if the hijackers were kind enough to keep www.adobe.com in
> the air:
Obviously not COMPLETELY, as I got a different page for a moment. I was
thinking that maybe they snuck in an extra A record and it was only coming
up every 4 serves or something, but I had done a dig myself and come up
with the same info (192.50.12.101|2|3), tried going to the IPs directly
but found nothing but Adobe, which makes sense...
but where did that other rogue page come from?
The one that claimed that "This domain is reserved for Lee Hill"?
See that the TTLs and refreshes are pretty low though...
think someone's playing around with records in the middle of the night
for the U.S., when it would be noticed but not quite SO blatant?
john
> dns.cnmsn.net. administrator. (
> 13 ; serial
> 15M ; refresh
> 10M ; retry
> 1D ; expiry
> 1H ) ; minimum
>
> 1H IN NS dns.cnmsn.net.
> mail 1H IN A 64.41.250.200
> proxy 1H IN A 192.150.12.90
> www 1H IN A 192.150.12.101
> 1H IN A 192.150.12.102
> 1H IN A 192.150.12.103
> @ 1H IN SOA
> dns.cnmsn.net. administrator. (
> 13 ; serial
> 15M ; refresh
> 10M ; retry
> 1D ; expiry
> 1H ) ; minimum