theallan
Beginner
2,206 Views
Message 1 of 9

BT suffering DNS poisoning attack?

Hi all,

It would appear that my domain name is being resolved by the BT DNS servers to an IP that is not the proper host for my domain. It would appear that the BT DNS servers are the only ones suffering from this - Google and other public DNS servers are not affected.

BT DNS (using 213.120.234.42) - WRONG:

$ nslookup sprymedia.co.uk 213.120.234.42
Server: 213.120.234.42
Address: 213.120.234.42#53

Non-authoritative answer:
Name: sprymedia.co.uk
Address: 213.120.234.146
Name: sprymedia.co.uk
Address: 213.120.234.109

Google public DNS lookup - CORRECT:

$ nslookup sprymedia.co.uk 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: sprymedia.co.uk
Address: 212.20.236.93

What I find most worrying is that 213.120.234.146 appears to have a proxy on it:

$ telnet 213.120.234.146 80
GET / HTTP/1.1
Host: sprymedia.co.uk
Connection: close

returns my index page!

I only noticed because I use that domain for e-mail and my computer was correctly refusing to connect to it.

This is the only domain I've found so far with this issue - all the big ones (Apple, MS, Facebook, etc) resolve as expected.

Can anyone confirm if they are also seeing this, or tell me how I should report this to BT (beyond this forum - and I really don't want to be told to restart my computer/HomeHub by the tech support line)?

Thanks,

Allan

0 Ratings
8 REPLIES
ray_dorset
Distinguished Guru
2,174 Views
Message 2 of 9

Re: BT suffering DNS poisoning attack?

Is it CG NAT? http://bt.custhelp.com/app/answers/detail/a_id/44044/~/ip-address-translation%2Fsharing
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
If you found this post helpful, please click on the star on the left
If not, I'll try again 🙂
0 Ratings
theallan
Beginner
2,110 Views
Message 3 of 9

Re: BT suffering DNS poisoning attack?

It doesn't appear to be. And it is only this one site that is suffering from the problem.

Perhaps someone else could try pinging sprymedia.co.uk to see how it resolves for them on the BT network?

Thanks,

Allan

0 Ratings
licquorice
Distinguished Sage
2,104 Views
Message 4 of 9

Re: BT suffering DNS poisoning attack?

Resolves correctly for me, i.e. 212.20.236.93

0 Ratings
het_uk
Aspiring Expert
2,091 Views
Message 5 of 9

Re: BT suffering DNS poisoning attack?

C:\Users\het>nslookup
Default Server: indnsc10.bt.net
Address: 194.72.6.57

> server 213.120.234.42
Default Server: indnsc92.bt.net
Address: 213.120.234.42

> sprymedia.co.uk
Server: indnsc92.bt.net
Address: 213.120.234.42

Non-authoritative answer:
Name: sprymedia.co.uk
Address: 212.20.236.93

0 Ratings
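An added example, not part of any post in this thread: a Python sketch that parses the nslookup transcripts from messages 1 and 5 and reports which lookups returned addresses that the reference lookup did not. The function names are hypothetical, and treating the 8.8.8.8 answer as the reference follows the original poster's labelling; differing answers can also come from legitimate location-aware DNS, so a hit is a reason to investigate further, not proof of poisoning.

```python
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips) from one nslookup transcript; IPv4 only."""
    # Text before the first "Name:" is the resolver header ("ip#53" on Unix,
    # a bare ip on Windows); every address after it is an answer.
    header, sep, answers = text.partition("Name:")
    found = IPV4.findall(header)
    return (found[0] if found else None), frozenset(IPV4.findall(answers))

def diverging(reference, others):
    """Map each label to (resolver, answer IPs absent from the reference)."""
    ref_ips = parse_nslookup(reference)[1]
    report = {}
    for label, text in others.items():
        resolver, ips = parse_nslookup(text)
        if ips - ref_ips or not ips:  # unknown address, or no answer at all
            report[label] = (resolver, sorted(ips - ref_ips))
    return report

# Transcripts copied from messages 1 and 5 of this thread.
GOOGLE = """Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: sprymedia.co.uk
Address: 212.20.236.93
"""
BT_MSG1 = """Server: 213.120.234.42
Address: 213.120.234.42#53

Non-authoritative answer:
Name: sprymedia.co.uk
Address: 213.120.234.146
Name: sprymedia.co.uk
Address: 213.120.234.109
"""
BT_MSG5 = """Server: indnsc92.bt.net
Address: 213.120.234.42

Non-authoritative answer:
Name: sprymedia.co.uk
Address: 212.20.236.93
"""

if __name__ == "__main__":
    for label, hit in diverging(GOOGLE, {"msg 1": BT_MSG1, "msg 5": BT_MSG5}).items():
        print(label, hit)
```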
theallan
Beginner
2,070 Views
Message 6 of 9

Re: BT suffering DNS poisoning attack?

Thanks so much for the replies! Delighted to hear that it looks like it might be fairly isolated.

What are your nameservers? My HomeHub is using:

213.120.234.42
213.120.234.38

Anyone have any idea about what part of BT I should contact about this?

Regards,

Allan

0 Ratings
john46
Distinguished Sage
2,065 Views
Message 7 of 9

Re: BT suffering DNS poisoning attack?

You can only contact the help line with this one.
0 Ratings
het_uk
Aspiring Expert
2,055 Views
Message 8 of 9

Re: BT suffering DNS poisoning attack?

I don't know what DNS servers my HH is using as I use my own selection of DNS servers - some including BT's.

None of the DNS servers I tested though gave the wrong answer.

0 Ratings
revaido
Aspiring Contributor
1,956 Views
Message 9 of 9

Re: BT suffering DNS poisoning attack?

Is your address a dynamic DNS entry pointing back to your Infinity connection?

If so I'm seeing exactly the same problem here:

https://community.bt.com/t5/BT-Infinity-Speed-Connection/Assigned-wrong-IP-at-02-18-11-on-BTCore-21C...

I've been assigned 213.120.234.154 and 213.120.234.146 so far and it happens at 02:18:11 on both occasions.

0 Ratings