date: Wed Apr 6 20:22:21 2005
from: adrin at haswes.homelinux.org (H. Adrin Story)
in-reply-to: <[email protected]>
references: <[email protected]> <[email protected]>
subject: [ale] AOL, DNS poisoning and spam

I got
; <<>> DiG 9.2.3 <<>> www.aol.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30657
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.aol.com. IN A
;; ANSWER SECTION:
www.aol.com. 1808 IN CNAME www.gwww.aol.com.
www.gwww.aol.com. 47 IN A 64.12.187.22
;; AUTHORITY SECTION:
gwww.aol.com. 234 IN NS mtc-gdns004.ns.aol.com.
gwww.aol.com. 234 IN NS dtc-gdns004.ns.aol.com.
;; Query time: 52 msec
;; SERVER: 205.152.144.23#53(205.152.144.23)
;; WHEN: Wed Apr 6 20:12:31 2005
;; MSG SIZE rcvd: 123
I think the *.ru4.com is the popup and ads on the webpage. www.aol.com
looks okay to me, but then I wouldn't know if it was bad. Wait, AOL is
bad, isn't it?
Michael H. Warfield wrote:
> On Wed, 2005-04-06 at 16:21 -0400, James P. Kinney III wrote:
>
>>I just read the DNS poisoning notice from /. I went to www.aol.com and
>>noticed the site was taking forever to load as the url bar at the bottom
>>of firefox kept saying waiting on http300.content.edge.ru4.com
>
>
> Ok... So what is your resolver pointing to? There are a LOT of people
> trying to track this down and a lot of it appears to be compromised
> Windows based DNS servers. The jury is still out if it's compromised
> Windows systems which have been taken over or if it's truly DNS cache
> poisoning. Researchers are wanting to get at compromised DNS servers
> and analyze what has happened at them.
>
>
>>The whois on ru4.com looks like a spammer to me. (OK, so does AOL, but
>>that's a different thread).
>
>
> So... Run the command "dig www.aol.com" and tell us what you get.
> Also, what is in your "/etc/resolve.conf" file? I'll pass the
> information on to the security community.
>
> Note too that some "pharming" attacks are targeting the mhosts files on
> Windows boxes and will have the same effect.
>
> Mike
</pre>
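A way to sanity-check a `dig` answer like the one posted above, as an added example that is not part of the original message: it parses the answer and authority sections and lists any owner, CNAME or NS name that leaves the expected zone. The zone check is a heuristic chosen for this illustration (a legitimate CDN alias would also be listed, and a forged A record inside the zone would not), and the function names are hypothetical.

```python
import re

# dig output as posted in the message above (header and timing lines trimmed).
DIG_OUTPUT = """\
;; QUESTION SECTION:
;www.aol.com. IN A
;; ANSWER SECTION:
www.aol.com. 1808 IN CNAME www.gwww.aol.com.
www.gwww.aol.com. 47 IN A 64.12.187.22
;; AUTHORITY SECTION:
gwww.aol.com. 234 IN NS mtc-gdns004.ns.aol.com.
gwww.aol.com. 234 IN NS dtc-gdns004.ns.aol.com.
;; SERVER: 205.152.144.23#53(205.152.144.23)
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|CNAME|NS)\s+(\S+)$")

def parse_dig(text):
    """Return (resolver, {section: [(owner, ttl, type, rdata), ...]})."""
    sections, current, resolver = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^;; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.startswith(";; SERVER:"):
            resolver = line.split()[2].split("#")[0]  # resolver that answered
        elif current and not line.startswith(";"):
            rr = RR.match(line)
            if rr:
                owner, ttl, rtype, rdata = rr.groups()
                sections[current].append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return resolver, sections

def in_zone(name, zone):
    name, zone = name.rstrip("."), zone.rstrip(".")
    return name == zone or name.endswith("." + zone)

def out_of_zone(sections, zone):
    """Heuristic: names in ANSWER/AUTHORITY that fall outside the expected zone."""
    bad = []
    for sect in ("ANSWER", "AUTHORITY"):
        for owner, _ttl, rtype, rdata in sections.get(sect, []):
            names = [owner] + ([rdata] if rtype in ("CNAME", "NS") else [])
            bad += [(sect, n) for n in names if not in_zone(n, zone)]
    return bad
```

For the posted output, `out_of_zone(parse_dig(DIG_OUTPUT)[1], "aol.com")` returns an empty list; comparing the same query against a second, independent resolver is the natural next check.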
</body>
</html>