Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: has anyone notice this ?

  • From: Paul Vixie
  • Date: Sun Jun 29 22:44:07 2003 (Jay Hennigan) writes:

> Is Time-Warner associated with Charter Communications?  There's a thread
> on Slashdot about their name servers being hijacked to point all requests
> to a set of rogue proxy servers.

s/name/dhcp/.  specifically, the article states:

	Of course, under Windows, the default is to accept the default dns
        domain specified by a DHCP server for the PC's ethernet
        connection. There are settings to disable this, but I hadn't
        thought about it until now. It turns out, Charter Communications'
        DHCP servers were infiltrated and were providing as
        the 'Connection-specific DNS suffix', causing all non-hardened
        Windows (whatever that means in a Windows context) machines to get
        lookups from a hijacked subdomain DNS server which simply responded
        to every query with a set of 3 addresses (,, ...

i suspect that a dhcp client's willingness to install a "dns search list"
from the dhcp reply is universal (and not just limited to windows clients)
and i've always thought this was a terrible idea.  if i type "ssh foo" then
i want, no matter who the local dhcp server was configured by.

but when i went about removing this sick behaviour from isc dhcp, it turned
out that many people depend on dhcp to get the only "dns search list" they
ever have.  the world seems very strange to me sometimes.
Paul Vixie

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.