RE: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 23 2008 05:53AM
Boaz Shunami (BoazS comsecglobal com)

Some questions you need to ask yourself.

Maybe one of the proxy servers got poisoned and not the DNS server?

Maybe it's a HTTP Response Splitting attack?

We have seen a similar issue awhile ago and it was caused by a mistake of a developer and not by malicious activity...

Is it from several different locations or from a single location? Try to reach your site using web proxies and see if you still get the same problem so you know for sure the problem is on your servers.

Do you have any substantial evidence as to who has done it?

Best Regards,

Boaz Shunami

Comsec Consulting

-----Original Message-----
From: ponchovaldes (at) gmail (dot) com [email concealed] [mailto:ponchovaldes (at) gmail (dot) com [email concealed]]
Sent: Tuesday, January 22, 2008 2:56 AM
To: incidents (at) securityfocus (dot) com [email concealed]
Subject: eSafe quarantine: DNS CACHE POISONING? - Our Portal is redirecting to our first competition

Hello guys, we have a social network that is getting stronger, but we are having an issue.

And the issue is that Sometimes... our page redirects to another Portal, actually the page that redirects is our first competition,here in Latino America, i know that they are causing that kind of mess.. so we thought in this.

- We know that our DNS server is ok, and havent been compromised,

- DNS cache poisoning

- Malware ?

- some kind of virus that the guys(bad) made. ( the other portal - social network-)

- Other soolution? sue them?

HElp guys.. this thing is taking out alot of users :(

thanks in advance!

Cheers from México
IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the
named recipient(s) only.
If you have received this email in error, please notify the system manager or the sender immediately and do
not disclose the contents to anyone or make copies thereof.
*** eSafe scanned this email for viruses, vandals, and malicious content. ***

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus