[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <77651260-1643-4300-BBE5-0D7D029CF8B0@utc.edu>
Date: Sun, 25 Mar 2007 16:05:53 -0400
From: Michael Ward <mike-ward@....edu>
To: Tim <tim-security@...tinelchicken.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: I'm not the only one who can't resolve
phishtank.com, but some can..
I'm on a Mac, so I'm pretty sure I don't have any DNS poisoning or
evil malware. My hosts is intact:
caprica:~ mward$ cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
On Mar 25, 2007, at 3:53 PM, Tim wrote:
>
> Looks fine for me:
>
> ------------
>
> ; <<>> DiG 9.3.4 <<>> phishtank.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26391
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;phishtank.com. IN A
>
> ;; ANSWER SECTION:
> phishtank.com. 42 IN A 66.135.40.79
>
> ;; Query time: 4 msec
> ;; SERVER: 10.0.1.1#53(10.0.1.1)
> ;; WHEN: Sun Mar 25 15:49:29 2007
> ;; MSG SIZE rcvd: 47
>
> -------------
>
> Do some of you happen to have a poisoned MS or Symantec DNS cache
> upstream of you? (See [1] fmi.)
>
> tim
>
>
> 1. http://www.incidents.org/presentations/dnspoisoning.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists