nanog mailing list archives
Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)
From: jamie rishaw <j () arpa com>
Date: Thu, 20 Jun 2013 15:02:28 -0500
I'm rechecking realtime ns1620/2620 DNS right now and, looking at the output, I see an odd number of domains (that have changed) with a listed nameserver of "localhost.".

Is this some sort of tactic I'm unaware of?

On Thu, Jun 20, 2013 at 2:57 PM, Jared Mauch <jared () puck nether net> wrote:

> It seems there may be a need for some sort of 'dns-health' check out there that can be done in semi-realtime.
>
> I ran a report for someone earlier today on a domain doing an xref against open resolver data searching for valid responses vs invalid ones.
>
> Is this of value? Does it need to be automated?
>
> - Jared
>
> On Jun 20, 2013, at 3:53 PM, jamie rishaw <j () arpa com> wrote:
>
>> This is most definitely a coordinated and planned attack.
>>
>> And by 'attack' I mean hijacking of domain names.
>>
>> I show as of this morning nearly fifty thousand domain names that appear suspicious.
>>
>> I'm tempted to call uscentcom and/or related agencies (which agencies, who the hell knows, as ICE seems to have some sort of authority over domains (nearly two hundred fifty of them as I type this in COM alone and another thirty-some in NET)).
>>
>> Anyone credentialed (credentialed /n/., "I know you or know of you,") wanting data, e-mail me off-list for some TLD goodness.
>>
>> On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan <philfagan () gmail com> wrote:
>>
>>> Agreed in these "smaller" scenarios I just wonder if in a larger scale scenario, whatever that might look like, if it's necessary. Whereby many organizations who provide "services" are affected. Perhaps the result of a State led campaign .... topic for another day.
>>>
>>> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson <fergdawgster () gmail com> wrote:
>>>
>>>> I am betting that Netsol doesn't need any more "coordination" at the moment -- their phones are probably ringing off-the-hook. There are still ~400 domains still pointing to the ztomy NS:
>>>>
>>>> ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;parsonstech.com. IN NS
>>>>
>>>> ;; ANSWER SECTION:
>>>> parsonstech.com. 172800 IN NS ns2617.ztomy.com.
>>>> parsonstech.com. 172800 IN NS ns1617.ztomy.com.
>>>>
>>>> ;; Query time: 286 msec
>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>> ;; WHEN: Thu Jun 20 19:16:25 2013
>>>> ;; MSG SIZE rcvd: 81
>>>>
>>>> - ferg
>>>>
>>>> On Thu, Jun 20, 2013 at 10:13 AM, Phil Fagan <philfagan () gmail com> wrote:
>>>>
>>>>> I should caveat.....coordinate the "recovery" of.
>>>>>
>>>>> On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth <brandon () rd bbc co uk> wrote:
>>>>>
>>>>>>> Is there an organization that coordinates outages like this amongst the industry?
>>>>>>
>>>>>> No, usually they are surprise outages though Anonymous have tried coordinating a few
>>>>>>
>>>>>> brandon
>>>>>
>>>>> --
>>>>> Phil Fagan
>>>>> Denver, CO
>>>>> 970-480-7618
>>>>
>>>> --
>>>> "Fergie", a.k.a. Paul Ferguson
>>>> fergdawgster(at)gmail.com
>>>
>>> --
>>> Phil Fagan
>>> Denver, CO
>>> 970-480-7618
>>
>> --
>> Jamie Rishaw // .com.arpa@j <- reverse it. ish.
>> [Impressive C-level Title Here], arpa / arpa labs

-- Jamie Rishaw // .com.arpa@j <- reverse it. ish. [Impressive C-level Title Here], arpa / arpa labs
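
The 'dns-health' cross-reference discussed in the thread (one domain's NS answers from many resolvers, sorted into valid and invalid) could look like the sketch below. It is an added example, not part of the original messages or anyone's actual tooling; the function names, resolver addresses and baseline nameservers are assumptions constructed for illustration, while the ztomy.com and "localhost." answers mirror what the thread reports.

```python
import re
from collections import Counter

# One NS record line of a dig ANSWER section: owner, TTL, class, type, target.
NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$", re.I)

def parse_ns(dig_text):
    """Return {owner: set(nameservers)}; ';' comment and question lines never match."""
    found = {}
    for line in dig_text.splitlines():
        m = NS_LINE.match(line.strip())
        if m:
            # Normalise case and the trailing dot so comparisons are exact.
            owner, target = (s.lower().rstrip(".") + "." for s in m.groups())
            found.setdefault(owner, set()).add(target)
    return found

def dns_health(domain, baseline_ns, responses):
    """Compare each resolver's NS answer for `domain` with the expected NS set."""
    domain = domain.lower().rstrip(".") + "."
    expected = {n.lower().rstrip(".") + "." for n in baseline_ns}
    verdicts, unexpected = {}, Counter()
    for resolver, text in responses.items():
        seen = parse_ns(text).get(domain, set())
        if not seen:
            verdicts[resolver] = "no-answer"
        elif seen <= expected:
            verdicts[resolver] = "valid"
        else:
            verdicts[resolver] = "invalid"
            unexpected.update(seen - expected)  # tally the foreign nameservers
    return verdicts, unexpected

# Constructed sample data: resolver addresses are documentation ranges and the
# baseline nameservers are placeholders, not the domain's real delegation.
BASELINE = ["ns1.registrar.example.", "ns2.registrar.example."]
SAMPLE = {
    "192.0.2.1": "parsonstech.com. 172800 IN NS ns1.registrar.example.\n"
                 "parsonstech.com. 172800 IN NS ns2.registrar.example.\n",
    "198.51.100.7": ";; ANSWER SECTION:\n"
                    "parsonstech.com. 172800 IN NS ns2617.ztomy.com.\n"
                    "parsonstech.com. 172800 IN NS ns1617.ztomy.com.\n",
    "203.0.113.9": "parsonstech.com. 3600 IN NS localhost.\n",
    "203.0.113.10": ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1\n",
}

if __name__ == "__main__":
    verdicts, unexpected = dns_health("parsonstech.com", BASELINE, SAMPLE)
    for resolver, verdict in sorted(verdicts.items()):
        print(resolver, verdict)
    print("unexpected NS:", dict(unexpected))
```

Run across many domains, the `unexpected` tally is what surfaces a shared foreign nameserver, which is the pattern the thread describes.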