Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS poisoning or ??

from [Francois Yang] Network Security [Permanent Link]
Subject: Re: DNS poisoning or ??
Date: Tue, 30 Jan 2007 13:29:25 -0600 
wow, nice...you're right.
Bill, even in the header of the message you sent me. it shows that it
came from mail.greenborder.com.  Interesting.  you should also check
to make sure that you're server is not somehow setup to forward mail
thru it.


On 1/29/07, Devin Rambo <drambo@vediorps.com> wrote: 
Bill,

If you Google for "mail.greenborder.com" you'll find a listing of some
message forum posts by you in which the message ID appears to be coming from
mail.greenborder.com. Here's one example:

http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0157.html

You'll want to take a look at your mail logs and see if your server is
introducing itself to others as the nonexistent name. If so, and that
information is getting cached on remote DNS and/or email servers which your
server is communicating with, therein may lie the problem. HTH.

Devin


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Bill Stout
Sent: Saturday, January 27, 2007 3:50 PM
To: security-basics@securityfocus.com
Subject: DNS poisoning or ??

Hello,

I'm working through an intermittent incoming email bounce problem I hope
someone can shed some light on.  Over the last week, a few major companies
are reporting intermittent bounces when sending email to us (maybe 5% of the
time).  When they do an MX lookup they occasionally obtain a fake hostname
and IP address.  In their email body the response looks like this:

  ... connect to mail.greenborder.com [216.52.7.214]: Connection timed out
...

I do not have a host named 'mail.greenborder.com' in my DNS records.
The IP address is not a mail server, it's an Internap address.
http://www.dnsstuff.com/tools/whois.ch?ip=216.52.7.214

<snipped>




[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SF new column announcement: The New Vista Waiting Game, Kelly Martin
Next by Date:  IPSonar, jack603_ny
Previous by Thread:  RE: DNS poisoning or ??, Devin Rambo
Next by Thread:  SF new column announcement: The New Vista Waiting Game, Kelly Martin
Indexes:  [Date] [Thread] [Top] [All Lists]