[nsp-sec] dns issues?

Sweeney, William- CIPS Bill_Sweeney at cable.comcast.com
Thu Feb 26 15:46:07 EST 2009 

Mike,
We're looking at some DNS data right now, related to what you're
describing.  Could you contact me off list w/some details about your
experience w/our DNS in Denver?

Thanks,
Bill

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Mike Lewinski
> Sent: Thursday, February 26, 2009 3:34 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] dns issues?
> 
> ----------- nsp-security Confidential --------
> 
> Perhaps these issues are all unrelated, but my spider sense is
starting
> to tingle...
> 
> 
> 1) Last week we had a customer start complaining about periodic
> timeouts
> on one of our resolvers. I'm still investigating it, but it seems to
> have resolved itself without any changes here. What is really strange
> is
> that in my packet captures I can see BIND do the full recursion that
is
> requested, but it simply never sends a reply back to the customer's
> original query while answering other queries at the same time without
a
> problem (and they are using a nagios test to lookup their own www A
> record).
> 
> 2) Yesterday another customer discovered his own resolver cache was
> poisoned, and his access to some web sites was being proxied through
> vipertheripper.com
> 
> 3) This morning Comcast DNS in Denver was positively glacial. I've
> never
> had such laggy responses from them. At first I thought the whole
> connection might be down, but I had some already established
> connections
> that were still working. Once I started routing DNS back through my
VPN
> everything worked fine again.
> 
> 4) And now I've just read this:
> http://arstechnica.com/security/news/2009/02/time-warner-cable-blames-
> ddos-attack-for-spotty-service.ars
> 
> Mike
> 
> 
> --
> Rockynet.com
> 303-629-2860
> AS13345
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-
> security
> community. Confidentiality is essential for effective Internet
security
> counter-measures.
> _______________________________________________

More information about the nsp-security mailing list