Re: Global DNS Cache poisoning?
From: lasnews (lasnews_at_csus.edu)
Date: 03/04/05
- Previous message: Hubbard, Dan: "RE: Global DNS Cache poisoning?"
- In reply to: Russell Guthrie: "Global DNS Cache poisoning?"
- Next in thread: Jay D. Dyson: "Re: Global DNS Cache poisoning?"
Date: Fri, 04 Mar 2005 14:00:49 -0800
To: incidents@securityfocus.com
Russell Guthrie wrote:
>
> SANS is reporting a potential DNS cache poisoning. Has anyone heard or seen anything to confirm this?
>
SANS Internet Storm Center - http://isc.sans.org/
Updated March 4th 2005 18:11 UTC (Handler: Kyle Haugsness)
Global DNS cache poisoning attack?
We are currently investigating a report from several sites that indicate
users being re-directed to malware sites. At this time it appears to be
a DNS cache poisoning attack (not a spyware, adware, or browser hijack)
and we are seeking more information.
Popular domain names such as google.com, ebay.com, and weather.com are
being directed to the following servers. Of course when connecting to
these servers, "bad things" (tm) will happen, so don't go to them.
www.7sir7.com (217.160.169.87)
123xxl.com (217.160.169.87, 207.44.240.79, 216.127.88.131)
abx4.com (217.160.169.87, 207.44.240.79, 216.127.88.131)
If your site has been affected, please submit the following information:
1. When the attack was first noticed and whether it is still occurring.
2. What DNS server software you have facing the Internet. This
information will be kept in strictest confidence.
3. If you identified any other sites that users were being re-directed
to (besides the ones listed above).
Updates will be made to this diary as we find out more information.
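
An added example, not part of the original message or the ISC diary: a Python check that scans resolver answers or cache-dump lines for names, other than the three listed hosts, that resolve to the addresses the diary reports. It assumes records in the standard `owner TTL IN A address` presentation form; the function names and the sample records are constructed for illustration.

```python
import ipaddress

# Addresses and hostnames taken from the ISC diary entry quoted above.
REPORTED_IPS = {ipaddress.ip_address(a) for a in
                ("217.160.169.87", "207.44.240.79", "216.127.88.131")}
REPORTED_HOSTS = {"www.7sir7.com", "123xxl.com", "abx4.com"}

def parse_a_record(line):
    """Return (name, ttl, address) for an 'owner TTL IN A addr' line, else None."""
    line = line.split(";", 1)[0]              # drop comments
    fields = line.split()
    if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
        return None                           # not an A record (NS, CNAME, blank...)
    try:
        name = fields[0].rstrip(".").lower()  # normalise case and trailing dot
        return name, int(fields[1]), ipaddress.ip_address(fields[4])
    except ValueError:                        # malformed TTL or address
        return None

def find_suspect_records(lines):
    """Names that resolve to a reported address but are not the reported hosts."""
    hits = []
    for line in lines:
        rec = parse_a_record(line)
        if rec is None:
            continue
        name, ttl, addr = rec
        if addr in REPORTED_IPS and name not in REPORTED_HOSTS:
            hits.append((name, str(addr), ttl))
    return hits

# Constructed sample in the style of a resolver cache dump; not real data.
SAMPLE = """\
; constructed cache dump
google.com.      86400 IN A 217.160.169.87
WWW.eBay.com.    86400 IN A 207.44.240.79
weather.com.     300   IN A 192.0.2.10
abx4.com.        3600  IN A 216.127.88.131
example.org.     3600  IN NS ns1.example.org.
broken.example.  abc   IN A 217.160.169.87
""".splitlines()

if __name__ == "__main__":
    for name, addr, ttl in find_suspect_records(SAMPLE):
        print(f"SUSPECT {name} -> {addr} (ttl {ttl})")
```

A hit means a cached name points at one of the reported servers; the time it was first seen and the resolver software in use are the details the diary asks affected sites to submit.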