Yes, thanks. I'll have to read up on that. My e-mail was showing extra stuff at the end of the sample command lines, which confused me: Airy:~ user$ curl -e 'http://google.com' csulb.edu <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> ...................................................############################################################### Sigh, I just Outlook not to strip extra line breaks. matthew black information technology services california state university, long beach -----Original Message----- From: John Levine [mailto:johnl@iecc.com] Sent: Tuesday, June 26, 2012 10:30 PM To: nanog@nanog.org Cc: Matthew Black Subject: Re: DNS poisoning at Google? In article <ED78B1C68B84A14FA706D13A230D7B431954E95B@ITS-MAIL01.campus.ad.csulb.edu> you write:
I'm not familiar with curl and don't understand what I type and what are results. Are you suggesting that when google refers to our website, we pick that up and redirect to couchtarts?
curl is a command line www client that's worth knowing about. And I observe the same thing, using my own local DNS cache -- if I fetch the home page from csulb.edu or www.csulb.edu with Google as the referrer, it returns a page that redirects to couchtarts. Sorry, dude, you've been pwn3d. R's, John
Airy:~ user$ curl -e 'http://google.com' csulb.edu <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.couchtarts.com/media.php">here</a>.</p> </body></html>