Any ideas what I can do to help my customer? This is the first time we've ever had something like this...
Tim Huffman Director of Engineering Business Only Broadband 777 Oakmont Lane, Suite 2000, Westmont, IL 60559 Direct: 630.590.6012 | Main: 630.590.6000 | Fax: 630.986.2496 thuff...@bobbroadband.com | http://www.bobbroadband.com/ Cell: 630.340.1925 | Toll-Free Customer Support: 877.262.4553 Follow Us on LinkedIn | Follow Us on Twitter please consider the environment prior to printing -----Original Message----- From: Phil Pennock [mailto:dnsop+p...@spodhuis.org] Sent: Friday, October 26, 2012 11:14 PM To: Tim Huffman Cc: dns-operations@lists.dns-oarc.net Subject: Re: [dns-operations] AT&T DNS Cache Poisoning? On 2012-10-27 at 03:36 +0000, Tim Huffman wrote: > We are the primary DNS servers for the ben.edu domain. We seem to be > having an issue with an AT&T server that is responding with incorrect > A records for www.ben.edu and ben.edu. Definitely looks like a cache-poisoning attack. Further, compare and contrast: curl -vH "Host: www.ben.edu" http://208.91.197.132/ ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" curl -vH "Host: www.ben.edu" -H "User-Agent: $ua" http://208.91.197.132/ There's some JavaScript fetching images via fwdservice.com ... looks like it might be Google click-fraud? -Phil _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs