North American Network Operators Group


Re: Promosis? Who are these guys?

  • From: Florian Weimer
  • Date: Wed Apr 20 05:12:20 2005

* Suresh Ramasubramanian:

> Any idea?

SANS would call this a DNS cache poisoning attack.  8-) It seems that
ns*.dnsauthority.com uses the shortcut I mentioned earlier.

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com de ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31561
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;de.                            IN      NS

;; ANSWER SECTION:
de.                     14400   IN      NS      ns4.dnsauthority.com.
de.                     14400   IN      NS      ns5.dnsauthority.com.

;; Query time: 120 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:08:47 2005
;; MSG SIZE  rcvd: 72

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com enyo.de
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4729
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;enyo.de.                       IN      A

;; ANSWER SECTION:
enyo.de.                14400   IN      A       66.151.179.147

;; AUTHORITY SECTION:
de.                     14400   IN      NS      ns4.dnsauthority.com.
de.                     14400   IN      NS      ns5.dnsauthority.com.

;; Query time: 115 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:10:50 2005
;; MSG SIZE  rcvd: 93
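
A check over the second dig response quoted above, as an added example that is not part of the original post: it flags an authoritative reply in which the responding server names itself as nameserver for a root- or TLD-level zone. The sample is a trimmed copy of that output; the function names, the one-label threshold and the reliance on dig printing the server's name in the SERVER line are assumptions of this example.

```python
import re

# Constructed sample: trimmed from the second dig response quoted in the post.
SAMPLE = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;enyo.de.                       IN      A
;; ANSWER SECTION:
enyo.de.                14400   IN      A       66.151.179.147
;; AUTHORITY SECTION:
de.                     14400   IN      NS      ns4.dnsauthority.com.
de.                     14400   IN      NS      ns5.dnsauthority.com.
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
"""

def parse_dig(text):
    """Return (aa_flag, server_name, ns_records) from dig's text output."""
    aa, server, ns = False, None, []
    for line in text.splitlines():
        m = re.match(r";; flags:([^;]*);", line)
        if m:
            aa = "aa" in m.group(1).split()
            continue
        m = re.match(r";; SERVER: \S+\((\S+)\)", line)
        if m:
            server = m.group(1).lower().rstrip(".")
            continue
        if line.startswith(";") or not line.strip():
            continue  # comments, question section, blank lines
        f = line.split()
        if len(f) >= 5 and f[2] == "IN" and f[3] == "NS":
            ns.append((f[0].lower(), f[4].lower().rstrip(".")))
    return aa, server, ns

def overbroad_claims(text, max_labels=1):
    """NS owner names of <= max_labels labels (root or a TLD) that an
    authoritative reply assigns to the responding server itself."""
    aa, server, ns = parse_dig(text)
    if not aa or server is None:
        return []
    hits = set()
    for owner, target in ns:
        labels = [l for l in owner.split(".") if l]
        if len(labels) <= max_labels and target == server:
            hits.add(owner)
    return sorted(hits)
```

`overbroad_claims(SAMPLE)` returns `['de.']`. Multi-label public suffixes are not covered by the label-count threshold.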