[nsp-sec] DNS poisoning activity in the wild
Ross, Jason
Jason.Ross at GlobalCrossing.com
Wed Jul 30 11:11:22 EDT 2008
We're seeing tons of traffic since this hit, so much so that we've set up various ACL's to filter traffic from top talkers.
Almost all of this is from Latin America so far. Funny bit is, we've been patched for a while now =)
Leo, is it OK to pass on sanitized bits of this note to DNS Ops? They maintain some firewall rules on the hosts apart from our router ACL's, so I'd like to just let them know "Hey, if you see traffic from this block, leave it alone or contact this address, it's ISC and they're doing research" if that'd be permissible.
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Leo Bicknell
> Sent: Wednesday, July 30, 2008 10:53 AM
> To: nsp-security NSP
> Subject: Re: [nsp-sec] DNS poisoning activity in the wild
>
> ----------- nsp-security Confidential --------
More information about the nsp-security
mailing list