[Dshield] Apparent DNS Cache poisoning on Bellsouth name servers

dshield.org at keithbergen.com dshield.org at keithbergen.com
Tue Jan 16 22:50:58 GMT 2007


I have Bellsouth as my home DSL ISP. My DNS servers are 205.152.37.23 and
205.152.144.23. When I ping www.intel.com, I get the following results:
PING a961.g.akamai.net (65.248.168.166): 56 data bytes

That is part of the UUNET block. The Intel web site comes up just fine.

Keith.

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Mikel Williams
Sent: Tuesday, January 16, 2007 4:48 PM
To: General DShield Discussion List
Subject: [Dshield] Apparent DNS Cache poisoning on Bellsouth name servers


We have been having some intermittent connection problems with some sites 
today.

My current DNS server is 205.152.132.23, as provided by BellSouth, my ISP.

Currently a ping to www.intel.com resolves to a computer named 
a961.g.akamai.net, with an address of 80.67.72.206, a Romanian address 
according to whois.

Using www.dnsstuff.com, the same ping resolves to 72.246.31.35 as it should.


_________________________________________

SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)




More information about the list mailing list