[Unbound-users] DNS poisoning - any ideas how this can happen?
m.bachmann at insign.ch
Mon Feb 9 17:33:52 UTC 2015
We've run into a dns poisoning issue in our company network since Friday.
The issue is being discussed here:
https://forum.pfsense.org/index.php?topic=87491.0 - we use Unbound on a
pfSense. A few other users have the same problem:
- All of a sudden, all host names resolve to a malware host.
- It stops automatically after some time
- There's no arp poisoning going on, so it really comes from Unbound on the
$ host omx.ch
omx.ch has address 18.104.22.168
omx.ch mail is handled by 10 mx1.csof.net.
omx.ch mail is handled by 10 mx2.csof.net.
omx.ch has address 22.214.171.124
omx.ch mail is handled by 10 mxhost1.omx.ch
Other wrongly resolved ips lead to sso.mlwr.io (which tries to redirect
back to xsso.<correcthost.com>/<someidentifier>)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Unbound-users