[Dshield] Apparent DNS Cache poisoning on Bellsouth name servers

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jan 16 22:58:38 GMT 2007


On Tue, 16 Jan 2007 16:30:13 CST, Yiming Gong said:
> It has nothing to do with DNS Cache poisoning,
> 
> You are expected to see many famous sites under "akamai.net", since
> akamai is a content cache service provider.
> 
> Yiming Gong
> 
> On 1/16/07, Mikel Williams <mikelw at ruffinbuildingsystems.com> wrote:
> > We have been having some intermittent connection problems with some sites
> > today.
> >
> > My current DNS server is 205.152.132.23, as provided by BellSouth, my ISP.
> >
> > Currently a ping to www.intel.com resolves to a computer named
> > a961.g.akamai.net, with an address of 80.67.72.206, a Romanian address
> > according to whois.

It's even more fun when you trace www.famous-company.com, and it comes back
in only 2 hops because it never left the building.

Sometimes it takes a while before I remember that we have an Akamai cache
in the machine room.. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20070116/502f306b/attachment.bin 


More information about the list mailing list