[afnog] Google blames DNS insecurity for Web site defacements

Bill Woodcock woody at pch.net
Mon May 18 10:26:18 UTC 2009


>> 2009/5/18 Dr Paulos Nyirenda <paulos at sdnp.org.mw>:
>>> We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
>>> 2009 around midnight Malawi time. Attempts were made to alter DNS
>>> records at the registry for 23 domains linked to major brands
>>> including those listed by SM here. The attack attempt was on the SQL
>>> server but they did not manage to alter our DNS.
>>>
>>> I would also like to confirm that this does not seem to be a case of
>>> DNS cache poisoning, it was an SQL level attack attempt on the
>>> registry.
>>>
>>> The attempt at .mw was to change the nameservers to hosts with names
>>> of the form - crackers*.homelinux.com - where * is empty or an
>>> integer. We saw the attack as coming from or via two or more networks
>>> including those with network names: (a) *fdcservers on ARIN and (b)
>>> TurkTelekom on RIPE.


Thank you very much for the detailed information; that helps everyone
better understand how to secure their operations.

I've only seen reports of successful SQL compromises of the following
ccTLDs:

EC (Ecuador)
MA (Morocco)
NZ (New Zealand)
PR (Puerto Rico)
TN (Tunisia)
UG (Uganda)

                                 -Bill
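The attack pattern described in the thread is an alteration of NS delegations at the registry (an SQL-level compromise of the registry database), not cache poisoning, so the natural detection control is to compare the delegations a registry is actually publishing against a trusted baseline and to flag any domain whose nameservers have been swapped, especially to hosts matching the reported crackers*.homelinux.com form. The following is an added example, not code from the afnog thread or from any registry; the two zone-style snapshots are constructed sample data, the domain names under .mw are invented, and the "known-bad" pattern is taken from Dr Nyirenda's description above.

```python
import re
from collections import defaultdict

# Constructed sample snapshots of NS delegations in the usual
# "owner ttl IN NS target" text form. They are NOT real .mw registry data;
# the domain names and hosting names are invented for this example.
BASELINE = """\
examplebank.mw.  86400 IN NS ns1.examplebank.mw.
examplebank.mw.  86400 IN NS ns2.examplebank.mw.
examplebrand.mw. 86400 IN NS ns1.hosting.example.
examplebrand.mw. 86400 IN NS ns2.hosting.example.
untouched.mw.    86400 IN NS ns1.untouched.mw.
"""

OBSERVED = """\
examplebank.mw.  86400 IN NS crackers.homelinux.com.
examplebank.mw.  86400 IN NS crackers2.homelinux.com.
examplebrand.mw. 86400 IN NS ns1.hosting.example.
examplebrand.mw. 86400 IN NS ns3.hosting.example.
untouched.mw.    86400 IN NS ns1.untouched.mw.
"""

# Indicator from the report: crackers*.homelinux.com, where * is empty or an
# integer. Names are compared without their trailing dot (see parse_ns_records).
KNOWN_BAD_NS = re.compile(r"^crackers\d*\.homelinux\.com$", re.IGNORECASE)

# One NS record per line: owner, TTL, class IN, type NS, target.
NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$", re.IGNORECASE)


def parse_ns_records(text):
    """Map each owner name to the set of its NS targets.

    Names are lower-cased and the trailing dot is stripped so that
    "NS1.Example." and "ns1.example" compare equal.  Blank lines and
    ';' comments are skipped; anything else that is not an NS record
    raises, because a silently dropped record would hide a change.
    """
    delegations = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = NS_LINE.match(line)
        if not m:
            raise ValueError("not an NS record: %r" % line)
        owner, target = (x.lower().rstrip(".") for x in m.groups())
        delegations[owner].add(target)
    return dict(delegations)


def diff_delegations(baseline, observed):
    """Return {owner: {"added", "removed", "known_bad"}} for every owner
    whose NS set differs between the baseline and the observed snapshot.

    "known_bad" is the subset of newly added targets that match the
    reported attacker-controlled pattern.
    """
    changes = {}
    for owner in set(baseline) | set(observed):
        before = baseline.get(owner, set())
        after = observed.get(owner, set())
        if before == after:
            continue
        added = after - before
        changes[owner] = {
            "added": added,
            "removed": before - after,
            "known_bad": {ns for ns in added if KNOWN_BAD_NS.match(ns)},
        }
    return changes


def triage(changes):
    """Rank changed delegations as (severity, owner, added, removed) tuples.

    A delegation that now points at a known-bad host is CRITICAL; any other
    change of the NS set is a WARNING that still needs a human to confirm it
    was an authorised registrar update.  CRITICAL entries sort first.
    """
    alerts = []
    for owner, c in changes.items():
        severity = "CRITICAL" if c["known_bad"] else "WARNING"
        alerts.append((severity, owner, sorted(c["added"]), sorted(c["removed"])))
    alerts.sort(key=lambda a: (a[0] != "CRITICAL", a[1]))
    return alerts


if __name__ == "__main__":
    changes = diff_delegations(parse_ns_records(BASELINE), parse_ns_records(OBSERVED))
    for severity, owner, added, removed in triage(changes):
        print("%-8s %-18s +%s -%s" % (severity, owner, added, removed))
```

In operation the observed snapshot would be pulled periodically from the TLD's own authoritative servers (or straight from the registry database) and the baseline kept out of band, for example a signed copy of the last reviewed delegation set; checking against a resolver cache instead would miss exactly the case reported here, where the registry data itself was the target. The pattern match is only a convenience for a known indicator; the set comparison is what catches the next attacker, who will use different hostnames.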



