I haven't looked at the packet level but I'm assuming they would have to 
be spoofing the remote server's IP for things to work correctly.

Note that they are intercepting both traffic to the TLD servers (to 
catch invalid domains) and traffic to the domain name server (to catch 
invalid subdomains).

Rich

Andrew Farnsworth wrote:
> On Wed, Oct 1, 2008 at 10:46 AM, Richard Thomas <[EMAIL PROTECTED]> wrote:
>
>
>     ware wrote:
>     > cat nameserver 4.2.2.2 >> /etc/resolv.conf
>     >
>     No. That doesn't help. This is a network based intercept. Any DNS
>     traffic heading off Bill's network gets intercepted. That's why I
>     had to configure stuff to work on port 52 (though any other port
>     would likely have worked just as well).
>
>     Rich
>
>
> Out of curiosity, do the returning packets have any indication of the 
> actual server being contacted (i.e. the one supplying the bogus DNS info)?
>
> Andy