[thelist] subdomain or dns hijacking problem

Eduardo Kienetz eduardok at gmail.com
Fri Dec 15 03:54:50 CST 2006


On 12/15/06, J.C. Johnson <lead at offlead.com> wrote:
> Thanks Max. I wasn't entirely sure where to start on this, having run
> through the extent of my existing knowledge earlier this afternoon. Yes, one
> would think I could just turn this issue over to my hosting company. That's
> a discussion for a whole different thread, and we were already planning on
> moving to another company at the first of the year. Looks like our timeline
> is being moved up.
>
> Yes, this issue is occurring from any machine. In fact, I learned of the
> problem after being contacted by a law enforcement officer in another state
> yesterday. It was only when I went looking for the rogue subdomains that
> were supposedly on my machine that I discovered that they are not, in fact,
> on my machine.
>
> I've now looked at the zone file for this and other domains on my server. As
> far as I can tell, it's all the way it is supposed to be. I see only entries
> for mail, www and ftp, and then one entry for dev and one for www.dev, dev
> being the only subdomain I've actually set up myself on that domain. The IP
> address listed is correct for these entries.
>
> Jeniffer

Please read: http://en.wikipedia.org/wiki/DNS_cache_poisoning

-- 
Eduardo  Bacchi Kienetz
LPI Certified - Level 2
http://www.noticiaslinux.com.br/eduardo/


