Security Incidents mailing list archives

Re: Major DNS cache poisoning at Verisign/WorldNIC


From: Brian McWilliams <bmcw () attbi com>
Date: Wed, 20 Mar 2002 13:17:54 -0500

More on this here:

http://www.newsbytes.com/news/02/175343.html

Excerpt:

A security breach Tuesday involving Verisign's Network Solutions unit disrupted potentially thousands of domain customers, company officials confirmed today.

Attackers compromised a system that hosted thousands of "parked" domains that had been registered through Network Solutions and were still under construction, according to a Verisign representative.

Web surfers who typed in the address of any of the affected domains were sent to a black page which featured an image of a mutilated rag doll and the words, "Did Web Pirates domain your domain?"

The system, which was running Microsoft's Internet Information Server (IIS) on Windows 2000, was operated by Atlanta-based hosting firm Interland under an outsourcing agreement, according to Verisign spokesperson Pat Burns.

[snip]

Brian

At 02:18 PM 3/19/2002, Matthew F. Caldwell wrote:
Just to let everyone know, there has been some major DNS cache poisoning going on at Verisign apparently done by some Brazilians ("Web Pirates") for web site defacements. If you're parking your DNS at worldnic.com (netsol/verisign) you might want to see if your site has been redirected to 64.225.154.175 (owned by Interland of Atlanta) using random DNS servers.

Don't you love UDP.

Matthew F. Caldwell, CISSP
Chief Security Officer
GuardedNet, Inc


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

