[unisog] DNS Cache Poisoning

Mike Honeycutt honeycutt at unca.edu
Fri Apr 8 01:51:12 GMT 2005


I hesitate to mention this since I'm not sure
if it was DNS cache poisoning, but I saw the following
about a month ago:

- Received a typical phishing email.
- Traced the IP to a hacked server used by
	a small city in Wisconsin.
- Made a few phone calls (it was Saturday),
	and finally spoke to the webmaster.
- He cleaned up his server, and to test it,
	clicked on the link again.
- This time, the link took us to a hacked server
	in Sweden.

Since I'm not an expert in this area, I chalked it
up to some quirk of the Internet I didn't understand.
I wonder if this was a poisoned cache since the
switch to the server in Sweden was instantaneous.

Mike Honeycutt


======================== 


-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of BACHAND, Dave (Info. Tech. Services)
Sent: Thursday, April 07, 2005 10:27 AM
To: UNIversity Security Operations Group
Subject: RE: [unisog] DNS Cache Poisoning

We've been seeing DNS attack attempts, but no evidence yet of poisoned
caches on our Windows boxes.

Are there any good descriptions out there of what these attempts look like? 


++++++++++++++++++++++++++++++++++
Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376
++++++++++++++++++++++++++++++++++

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Bill Martin
Sent: Thursday, April 07, 2005 9:29 AM
To: unisog at lists.sans.org
Subject: [unisog] DNS Cache Poisoning

Has anyone seen attempts on this in the EDU name space yet?  The article can
be viewed at Slashdot and SANS has escalated this.

-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu

_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog

