[Dshield] Apparent DNS Cache poisoning on Bellsouth name servers

dshield.org at keithbergen.com dshield.org at keithbergen.com
Tue Jan 16 22:50:58 GMT 2007

I have Bellsouth as my home DSL ISP. My DNS servers are and When I ping www.intel.com, I get the following results:
PING a961.g.akamai.net ( 56 data bytes

That is part of the UUNET block. The Intel web site comes up just fine.


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Mikel Williams
Sent: Tuesday, January 16, 2007 4:48 PM
To: General DShield Discussion List
Subject: [Dshield] Apparent DNS Cache poisoning on Bellsouth name servers

We have been having some intermittent connection problems with some sites 

My current DNS server is, as provided by BellSouth, my ISP.

Currently a ping to www.intel.com resolves to a computer named 
a961.g.akamai.net, with an address of, a Romanian address 
according to whois.

Using www.dnsstuff.com, the same ping resolves to as it should.


SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
taught by our top rated instructors plus a huge vendor tools expo.
Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)

More information about the list mailing list