[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[registrars] [Fwd: NSI domain name attacked by hackers]



Len and all,

I have no idea "how" these things happen. But here it is what Paul Vixie says.
And I also encourage you all thet you document the data you got when tracing
the missdirection and send it to Paul.

We are having fun, these days... (distrctions, always distractions....)

Amadeu


Paul Vixie ( the man behind BIND, the only real DNS 
daemon )just posted this on the BIND mailing list:

one person's caching name server had been told that
www.networksolutions.com's
"A" record was that of ICANN's web server.  the last person who did this
sort
of thing spent time in jail for it, so i'm not expecting anyone to claim
credit
publically this time.  the current work is either a dark and stupid
joke, or
an attempt to discredit ICANN, or an attempt to prompt earlier
deployment of
DNSSEC.  (while we plugged the particular hole used by eugene kashpureff
a few
years ago, it is widely known that DNS cannot be made secure from this
kind of
attack without new technology like DNSSEC.)

if anyone who has a corrupted BIND server would dump its cache and send
me the
IP address that the corrupt A RR came from, i'd appreciate it (and i'll
share
it with CERT and the FBI.)


/Amar