Any ideas what I can do to help my customer? This is the first time we've ever had something like this...
Tim Huffman
Director of Engineering
Business Only Broadband
777 Oakmont Lane, Suite 2000, Westmont, IL 60559
Direct: 630.590.6012 | Main: 630.590.6000 | Fax: 630.986.2496
[email protected] | http://www.bobbroadband.com/
Cell: 630.340.1925 | Toll-Free Customer Support: 877.262.4553

-----Original Message-----
From: Phil Pennock [mailto:[email protected]]
Sent: Friday, October 26, 2012 11:14 PM
To: Tim Huffman
Cc: [email protected]
Subject: Re: [dns-operations] AT&T DNS Cache Poisoning?

On 2012-10-27 at 03:36 +0000, Tim Huffman wrote:
> We are the primary DNS servers for the ben.edu domain. We seem to be
> having an issue with an AT&T server that is responding with incorrect
> A records for www.ben.edu and ben.edu.

Definitely looks like a cache-poisoning attack.

Further, compare and contrast:

  curl -vH "Host: www.ben.edu" http://208.91.197.132/
  ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)"
  curl -vH "Host: www.ben.edu" -H "User-Agent: $ua" http://208.91.197.132/

There's some JavaScript fetching images via fwdservice.com ... looks like it might be Google click-fraud?

-Phil
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
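Added example, not part of the original thread or written by either poster: one way to confirm the symptom described above is to diff the A records a suspect resolver returns against those served by the zone's own authoritative servers, using saved `dig +noall +answer` output. The sample text is constructed: 192.0.2.10 is a documentation placeholder for the zone's real address, 208.91.197.132 is the address targeted by the curl commands in the thread, and the TTL values and function names are assumptions.

```python
import re

# One A record line of `dig +noall +answer` output: name. TTL IN A address
A_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_a_records(dig_answer):
    """Return {owner: {"addrs": set, "ttl": highest TTL seen}} from dig answer text."""
    rrsets = {}
    for line in dig_answer.splitlines():
        m = A_LINE.match(line.strip())
        if not m:
            continue  # comments, CNAMEs, blank lines
        name = m.group(1).lower().rstrip(".")
        entry = rrsets.setdefault(name, {"addrs": set(), "ttl": 0})
        entry["addrs"].add(m.group(3))
        entry["ttl"] = max(entry["ttl"], int(m.group(2)))
    return rrsets

def find_mismatches(authoritative, resolver):
    """Flag names where the resolver returns an address the authoritative
    servers do not publish. A resolver answer that is a subset of the
    authoritative set (round-robin) is not flagged."""
    findings = []
    for name in sorted(resolver):
        cached = resolver[name]
        expected = authoritative.get(name, {"addrs": set()})["addrs"]
        unexpected = cached["addrs"] - expected
        if unexpected:
            findings.append({
                "name": name,
                "expected": sorted(expected),
                "unexpected": sorted(unexpected),
                # Remaining cache TTL: how long the bad answer persists
                # if the resolver operator does not flush it.
                "cache_ttl_left": cached["ttl"],
            })
    return findings

# Constructed sample: answers from the authoritative server (placeholder address)
AUTH_SAMPLE = """\
www.ben.edu.  3600 IN A 192.0.2.10
ben.edu.      3600 IN A 192.0.2.10
"""
# Constructed sample: answers from the suspect recursive resolver
RESOLVER_SAMPLE = """\
www.ben.edu.  86211 IN A 208.91.197.132
ben.edu.      86211 IN A 208.91.197.132
"""

if __name__ == "__main__":
    auth = parse_a_records(AUTH_SAMPLE)
    for finding in find_mismatches(auth, parse_a_records(RESOLVER_SAMPLE)):
        print(finding)
```

The per-name findings, with the resolver address and remaining TTL, are the evidence a resolver operator needs in order to locate and flush the affected cache entries.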
