Level(3) DNS Spoofing All Domains
- Subject: Level(3) DNS Spoofing All Domains
- From: Quincy.Marshall at reged.com (Marshall, Quincy)
- Date: Mon, 18 Nov 2019 17:45:06 +0000
This is mostly informational and may have already hit this group. My Google-fu failed me if so.
I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc.) are spoofing all domains. If the hostname begins with a "w" and does not exist in the authoritative zone, these hosts will return two Akamai hosts.
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.gov @4.2.2.2
23.202.231.167
23.217.138.108
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.net @4.2.2.2
23.202.231.167
23.217.138.108
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.com @4.2.2.2
23.202.231.167
23.217.138.108
[root@localhost ~]# dig +short w3.dummydomaindoesntexist.org @4.2.2.2
23.202.231.167
23.217.138.108
My apologies if this is old news.
Lawrence Q. Marshall