Security Incidents mailing list archives
Re: Major DNS cache poisoning at Verisign/WorldNIC
From: Brian McWilliams <bmcw () attbi com>
Date: Wed, 20 Mar 2002 13:17:54 -0500
More on this here: http://www.newsbytes.com/news/02/175343.html Excerpt:A security breach Tuesday involving Verisign's Network Solutions unit disrupted potentially thousands of domain customers, company officials confirmed today.
Attackers compromised a system that hosted thousands of "parked" domains that had been registered through Network Solutions and were still under construction, according to a Verisign representative.
Web surfers who typed in the address of any of the affected domains were sent to a black page which featured an image of a mutilated rag doll and the words, "Did Web Pirates domain your domain?"
The system, which was running Microsoft's Internet Information Server (IIS) on Windows 2000, was operated by Atlanta-based hosting firm Interland under an outsourcing agreement, according to Verisign spokesperson Pat Burns.
[snip] Brian At 02:18 PM 3/19/2002, Matthew F. Caldwell wrote:
Just to let everyone know, there has been some major DNS cache poisoning going on at Verisign apparently done by some Brazilians ("Web Pirates") for web site defacements. If your parking your DNS at worldnic.com (netsol/verisign) you might want to see if you site has been redirected to 64.225.154.175 (owned by Interland of Atlanta) using random DNS servers.Don't you love UDP. Matthew F. Caldwell, CISSP Chief Security Officer GuardedNet, Inc ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Major DNS cache poisoning at Verisign/WorldNIC Matthew F. Caldwell (Mar 19)
- Re: Major DNS cache poisoning at Verisign/WorldNIC Brian McWilliams (Mar 20)