AT&T WiFi spoofs Name Server Responses!
Bill McGonigle
bill at bfccomputing.com
Tue Jul 18 17:42:00 EDT 2006
On Jul 18, 2006, at 16:15, Fred wrote:
> This could mean only one thing, of course. AT&T WiFi must be intercepting
> *all* name server requests, no matter where they are destined, and spoofing
> the response!!!!!!!!!

There are some not-so-small ISPs which do the same thing for home
users. I had a list from the last time I did an 'emergency' DNS change
for a client but I seem to have misplaced the list (I'll find it some
day).

They appear to cache successful DNS queries for ~2 weeks. Negative
caching appears to be shorter. As such I now plan on 2-week DNS
cutovers if the client expects anything that might be called seamless.

I'm curious what software one would use to accomplish this, given one
had such a sociopathic bent, if anybody knows.

DNSSEC might be an answer to your problem, in the general case - it
ought to be immune to MiM attacks (which this is, just not a malicious
one).

-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
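
One way to check a network for the interception described in this thread, as an added example that is not part of the original message: send a DNS query to an address where no name server exists and see whether something on the path answers anyway. The function names are hypothetical, and the probe assumes 192.0.2.1 (TEST-NET-1, reserved for documentation by RFC 5737) is not served by any real resolver.

```python
import secrets
import socket
import struct

# Assumption: TEST-NET-1 address (RFC 5737); no genuine DNS server answers from it.
UNROUTABLE_SERVER = "192.0.2.1"

def build_query(name, txid):
    """Encode a minimal DNS query for an A record with the RD bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Return (txid, is_response, rcode, answer_count) from a DNS message."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    return txid, bool(flags & 0x8000), flags & 0x000F, an

def is_intercepted(query, reply):
    """True if reply is a DNS response matching a query sent to a dead address.

    Any well-formed response with our transaction ID means a device on the
    path answered in place of the server the packet was addressed to.
    """
    if reply is None or len(reply) < 12:
        return False
    txid, is_response, _rcode, _an = parse_header(reply)
    return is_response and txid == struct.unpack(">H", query[:2])[0]

def probe(name, server=UNROUTABLE_SERVER, timeout=3.0):
    """Send one query over UDP port 53; return (query, reply or None)."""
    query = build_query(name, secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _addr = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: nothing answered
            reply = None
    return query, reply

if __name__ == "__main__":
    q, r = probe("example.com")
    if is_intercepted(q, r):
        print("Reply received from a non-existent server: DNS is being intercepted")
    else:
        print("No reply from the non-existent server, as expected")
```

A timeout is the normal result on an unmodified network; run it from the network under suspicion and compare with a network you trust.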
More information about the gnhlug-discuss mailing list