nanog mailing list archives
Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)
From: Andrew Fried <andrew.fried () gmail com>
Date: Thu, 20 Jun 2013 16:35:45 -0400
Not so easy and straightforward to do. You'll find that a lot of the big names out there frequently tweak DNS, which will result in a non-stop stream of "alerts".

Andy

Andrew Fried
andrew.fried () gmail com

On 6/20/13 3:57 PM, Jared Mauch wrote:

It seems there may be a need for some sort of 'dns-health' check out there that can be done in semi-realtime. I ran a report for someone earlier today on a domain doing an xref against open resolver data searching for valid responses vs invalid ones. Is this of value? Does it need to be automated?

- Jared

On Jun 20, 2013, at 3:53 PM, jamie rishaw <j () arpa com> wrote:

This is most definitely a coordinated and planned attack. And by 'attack' I mean hijacking of domain names. I show as of this morning nearly fifty thousand domain names that appear suspicious. I'm tempted to call uscentcom and/or related agencies (which agencies, who the hell knows, as ICE seems to have some sort of authority over domains (nearly two hundred fifty of them as I type this in COM alone and another thirty-some in NET).

Anyone credentialed (credentialed /n/., "I know you or know of you,") wanting data, e-mail me off-list for some TLD goodness.

On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan <philfagan () gmail com> wrote:

Agreed in these "smaller" scenarios I just wonder if in a larger scale scenario, whatever that might look like, if it's necessary. Whereby many organizations who provide "services" are affected. Perhaps the result of a State-led campaign ....topic for another day.

On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson <fergdawgster () gmail com> wrote:

I am betting that Netsol doesn't need any more "coordination" at the moment -- their phones are probably ringing off-the-hook. There are still ~400 domains still pointing to the ztomy NS:

; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;parsonstech.com. IN NS

;; ANSWER SECTION:
parsonstech.com. 172800 IN NS ns2617.ztomy.com.
parsonstech.com. 172800 IN NS ns1617.ztomy.com.

;; Query time: 286 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 20 19:16:25 2013
;; MSG SIZE rcvd: 81

- ferg

On Thu, Jun 20, 2013 at 10:13 AM, Phil Fagan <philfagan () gmail com> wrote:

I should caveat.....coordinate the "recovery" of.

On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth <brandon () rd bbc co uk> wrote:

Is there an organization that coordinates outages like this amongst the industry?

No, usually they are surprise outages though Anonymous have tried coordinating a few

brandon

--
Phil Fagan
Denver, CO
970-480-7618

--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com

--
Phil Fagan
Denver, CO
970-480-7618

--
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs
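
Added example, not part of the original thread: one way to cut the alert noise raised above is to ignore single-domain NS changes and flag only nameserver operators that suddenly gain many domains, as with the ~400 domains pointing at one NS set in the quoted dig output. All names and records below are constructed (.test), and the two-label operator key and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed NS answer lines in the format of the dig ANSWER SECTION quoted
# in the thread. All names use the reserved .test TLD; none are real data.
BASELINE = """\
alpha.test. 172800 IN NS ns1.hosta.test.
alpha.test. 172800 IN NS ns2.hosta.test.
bravo.test. 172800 IN NS ns1.hostb.test.
charlie.test. 172800 IN NS ns1.hostc.test.
delta.test. 172800 IN NS ns1.hosta.test.
"""
CURRENT = """\
alpha.test. 172800 IN NS ns1617.parked.test.
bravo.test. 172800 IN NS ns2617.parked.test.
charlie.test. 172800 IN NS ns1617.parked.test.
delta.test. 172800 IN NS ns1.hostd.test.
"""

def parse_ns(text):
    """Map each owner name to the set of NS targets found in dig-style lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Expect: owner TTL class type rdata; skip comments and other types.
        if len(fields) == 5 and not line.startswith(";") and fields[3].upper() == "NS":
            zones[fields[0].lower()].add(fields[4].lower())
    return dict(zones)

def operator(ns_host):
    """Naive operator key: last two labels of the NS host (assumption, no PSL)."""
    return ".".join(ns_host.rstrip(".").split(".")[-2:])

def mass_moves(baseline, current, min_domains=3):
    """Return {new_operator: [domains]} for operators that gained at least
    min_domains domains which did not use them in the baseline."""
    gained = defaultdict(set)
    for domain, ns_set in current.items():
        old_ops = {operator(ns) for ns in baseline.get(domain, set())}
        if not old_ops:
            continue  # no baseline, so a change cannot be judged
        for op in {operator(ns) for ns in ns_set} - old_ops:
            gained[op].add(domain)
    return {op: sorted(d) for op, d in gained.items() if len(d) >= min_domains}

if __name__ == "__main__":
    for op, domains in mass_moves(parse_ns(BASELINE), parse_ns(CURRENT)).items():
        print(f"{len(domains)} domains moved to {op}: {', '.join(domains)}")
```

A legitimate bulk migration to a new DNS provider also trips this check, so a hit is a prompt for review rather than proof of hijacking.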