From: Lane Weast (lweast leeclerk.org)
Date: Tue Feb 26 2002 - 15:25:34 CST
Looks like it's not the first time for them either. Also reported on the 17th.
Found this with a Google search on 212.69.172.16
FW: Hack - DNS cache poisoning resurfacing
http://archives.neohapsis.com/archives/incidents/2002-01/0133.html
[hi there,
[
[
[We obviously got some cache poisoning recently.
[FYI: we are using MS DNS.
[Anyone got the same problems???
[
[
[I've seen nothing on our IDS...
[
[
[PS: I CCed dnsmaster ns3.domainname.at just to check if he's aware of this...
[
[
[here's the stuff:
[It looks definitely like the old DNS cache poisoning trick:
[
[
[
[> HERE:
[>
[> C:\WINDOWS>ping www.vmyths.com
[>
[> Pinging www.vmyths.com [212.69.172.16] with 32 bytes of data:
[>
[> Reply from 212.69.172.16: bytes=32 time=97ms TTL=241
[> Reply from 212.69.172.16: bytes=32 time=43ms TTL=241
[> Reply from 212.69.172.16: bytes=32 time=27ms TTL=241
[> Reply from 212.69.172.16: bytes=32 time=27ms TTL=241
[>
[> Ping statistics for 212.69.172.16:
[> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
[> Approximate round trip times in milli-seconds:
[> Minimum = 27ms, Maximum = 97ms, Average = 48ms
[>
[>
[> THERE:
[>
[> www.vmyths.com
[> Name: vmyths.com
[> Address: 216.217.111.18
[> Aliases: www.vmyths.com
[>
[> let's see if this comes from some poisoning and so on...
[>
[>
[> if we look the SOA records from a distant site, we get this:
[>
[> > set q=SOA
[> > vmyths.com
[> vmyths.com
[> origin = dns9.register.com
[> mail addr = root.register.com
[> serial = 2000011705
[> refresh = 10800 (3H)
[> retry = 86400 (1D)
[> expire = 604800 (1W)
[> minimum ttl = 3600 (1H)
[> vmyths.com nameserver = dns9.register.com
[> vmyths.com nameserver = dns10.register.com
[>
[> whereas if we look at them from our point of view:
[>
[> > set q=SOA
[> > vmyths.com
[> vmyths.com
[> origin = ns3.domainname.at
[> mail address = dnsmaster.ns3.domainname.at
[> serial = 1009665720
[> refresh = 1800 (30M)
[> retry = 600 (10M)
[> expire = 1800 (30M)
[> minimum ttl = 1800 (30M)
[>
[>
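The check performed in the forwarded message above (look up the zone's SOA from a distant site and from the local resolver, then compare the two) can be scripted so it runs against every zone a resolver is authoritative-cached for. The following is an added example and is not code from the original thread or from either list member: it parses nslookup-style SOA output into fields and reports the ones that differ, weighting a changed `origin`, `mail addr` or nameserver set above changed serial/timer values, since the latter can also arise from ordinary zone edits. The two input blocks are constructed text modelled on the values quoted in the message; in practice they would be replaced by output captured from `nslookup` (or `dig`) against the local resolver and against an independent resolver.

```python
"""Compare one zone's SOA as seen by the local resolver with the SOA seen from
an independent vantage point, and flag divergence consistent with a poisoned
cache.  Added example; the inputs are constructed nslookup-style text whose
values mirror the ones quoted in the thread."""
import re
from typing import Dict, List

# Constructed sample: the SOA for vmyths.com as reported from a distant site.
REMOTE_VIEW = """\
vmyths.com
origin = dns9.register.com
mail addr = root.register.com
serial = 2000011705
refresh = 10800 (3H)
retry = 86400 (1D)
expire = 604800 (1W)
minimum ttl = 3600 (1H)
vmyths.com nameserver = dns9.register.com
vmyths.com nameserver = dns10.register.com
"""

# Constructed sample: the same query answered by the local (suspect) resolver.
LOCAL_VIEW = """\
vmyths.com
origin = ns3.domainname.at
mail address = dnsmaster.ns3.domainname.at
serial = 1009665720
refresh = 1800 (30M)
retry = 600 (10M)
expire = 1800 (30M)
minimum ttl = 1800 (30M)
"""

# nslookup versions label the responsible-mailbox field differently.
ALIASES = {"mail address": "mail addr"}

# 'field = value ...' lines; only the first token of the value is kept, so
# 'refresh = 1800 (30M)' yields ('refresh', '1800').
SOA_LINE = re.compile(r"^\s*([a-z ]+?)\s*=\s*(\S+)", re.IGNORECASE)

# Fields whose divergence most strongly suggests a different zone was cached,
# versus fields that legitimately change between zone edits or replicas.
STRONG_FIELDS = ("origin", "mail addr", "ns")
WEAK_FIELDS = ("serial", "refresh", "retry", "expire", "minimum ttl")


def parse_soa(text: str) -> Dict[str, str]:
    """Parse nslookup SOA output into a field dict.

    Nameserver lines are collected under the key 'ns' as a sorted,
    comma-joined string so two views can be compared as a set.
    """
    fields: Dict[str, str] = {}
    nameservers: List[str] = []
    for line in text.splitlines():
        if "nameserver" in line:
            nameservers.append(line.split("=", 1)[1].strip())
            continue
        m = SOA_LINE.match(line)
        if not m:
            continue  # zone-name line or blank line
        key = m.group(1).strip().lower()
        fields[ALIASES.get(key, key)] = m.group(2)
    if nameservers:
        fields["ns"] = ",".join(sorted(nameservers))
    return fields


def compare_views(local: Dict[str, str], remote: Dict[str, str]) -> List[str]:
    """Return one finding per field present in both views whose value differs.

    Findings are prefixed HIGH for STRONG_FIELDS and LOW for WEAK_FIELDS.
    """
    findings: List[str] = []
    for level, keys in (("HIGH", STRONG_FIELDS), ("LOW", WEAK_FIELDS)):
        for key in keys:
            if key in local and key in remote and local[key] != remote[key]:
                findings.append(
                    f"{level}: {key} differs: local={local[key]} remote={remote[key]}"
                )
    return findings


def suspect_poisoning(local_text: str, remote_text: str) -> bool:
    """True when any strong-signal field (origin, responsible mailbox or the
    nameserver set) differs between the local and remote views."""
    findings = compare_views(parse_soa(local_text), parse_soa(remote_text))
    return any(f.startswith("HIGH") for f in findings)


if __name__ == "__main__":
    for finding in compare_views(parse_soa(LOCAL_VIEW), parse_soa(REMOTE_VIEW)):
        print(finding)
    print("suspect:", suspect_poisoning(LOCAL_VIEW, REMOTE_VIEW))
```

Run as a script it prints every differing field for the sample; on the constructed input the `origin` and responsible-mailbox mismatches are the HIGH findings, matching what the message's author saw. A serial or timer difference on its own is worth a look but is not conclusive, which is why `suspect_poisoning` keys only on the strong fields.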