
[no subject]



	Ok...  So what is your resolver pointing to?  There are a LOT of people
trying to track this down and a lot of it appears to be compromised
Windows-based DNS servers.  The jury is still out if it's compromised
Windows systems which have been taken over or if it's truly DNS cache
poisoning.  Researchers are wanting to get at compromised DNS servers
and analyze what has happened at them.

> The whois on ru4.com looks like a spammer to me. (OK, so does AOL, but
> that's a different thread).

	So...  Run the command "dig www.aol.com" and tell us what you get.
Also, what is in your "/etc/resolve.conf" file?  I'll pass the
information on to the security community.

	Note too that some "pharming" attacks are targeting the mhosts files on
Windows boxes and will have the same effect.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com  
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  <a rel="nofollow" href="http://www.wittsend.com/mhw/">http://www.wittsend.com/mhw/</a>
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!



</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>