nanog mailing list archives
Re: Need help in flushing DNS
From: George Herbert <george.herbert () gmail com>
Date: Fri, 21 Jun 2013 17:29:40 -0700
The indications and claim are that the root cause was registrar internal goof, not hostile action against name servers. The story is not yet detailed enough to add up; getting from point A to point B requires steps that so far don't really make sense. A more detailed explanation is hopefully to be forthcoming...

On Fri, Jun 21, 2013 at 5:22 PM, Glen Kent <glen.kent () gmail com> wrote:
> Hi,
>
> Do we know which DNS server started leaking the poisoned entry? Being new to this, I still don't understand how could a hacker gain access to the DNS server and corrupt the entry there? Wouldn't it require special admin rights, etc. to log in?
>
> Glen
>
> On Thu, Jun 20, 2013 at 11:32 AM, Paul Ferguson <fergdawgster () gmail com> wrote:
>> Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I have no idea where the poison leaked in, or why. :-)
>>
>> - ferg
>>
>> On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie <alex.buie () frozenfeline net> wrote:
>>> Anyone have news/explanation about what's happening/happened?
>>>
>>> On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson <fergdawgster () gmail com> wrote:
>>>> Sure enough:
>>>>
>>>> ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;yelp.com. IN A
>>>>
>>>> ;; ANSWER SECTION:
>>>> yelp.com. 300 IN A 204.11.56.20
>>>>
>>>> ;; Query time: 143 msec
>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>> ;; WHEN: Thu Jun 20 07:33:13 2013
>>>> ;; MSG SIZE rcvd: 42
>>>>
>>>> NetRange: 204.11.56.0 - 204.11.59.255
>>>> CIDR: 204.11.56.0/22
>>>> OriginAS: AS40034
>>>> NetName: CONFLUENCE-NETWORKS--TX3
>>>> NetHandle: NET-204-11-56-0-1
>>>> Parent: NET-204-0-0-0-0
>>>> NetType: Direct Allocation
>>>> Comment: Hosted in Austin TX.
>>>> Comment: Abuse :
>>>> Comment: abuse () confluence-networks com
>>>> Comment: +1-917-386-6118
>>>> RegDate: 2012-09-24
>>>> Updated: 2012-09-24
>>>> Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1
>>>>
>>>> OrgName: Confluence Networks Inc
>>>> OrgId: CN
>>>> Address: 3rd Floor, Omar Hodge Building, Wickhams
>>>> Address: Cay I, P.O. Box 362
>>>> City: Road Town
>>>> StateProv: Tortola
>>>> PostalCode: VG1110
>>>> Country: VG
>>>> RegDate: 2011-04-07
>>>> Updated: 2011-07-05
>>>> Ref: http://whois.arin.net/rest/org/CN
>>>>
>>>> OrgAbuseHandle: ABUSE3065-ARIN
>>>> OrgAbuseName: Abuse Admin
>>>> OrgAbusePhone: +1-917-386-6118
>>>> OrgAbuseEmail: abuse () confluence-networks com
>>>> OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN
>>>>
>>>> OrgNOCHandle: NOCAD51-ARIN
>>>> OrgNOCName: NOC Admin
>>>> OrgNOCPhone: +1-415-462-7734
>>>> OrgNOCEmail: noc () confluence-networks com
>>>> OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN
>>>>
>>>> OrgTechHandle: TECHA29-ARIN
>>>> OrgTechName: Tech Admin
>>>> OrgTechPhone: +1-415-358-0858
>>>> OrgTechEmail: ipadmin () confluence-networks com
>>>> OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN
>>>>
>>>> #
>>>> # ARIN WHOIS data and services are subject to the Terms of Use
>>>> # available at: https://www.arin.net/whois_tou.html
>>>> #
>>>>
>>>> - ferg
>>>>
>>>> On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder <shortdudey123 () gmail com> wrote:
>>>>> Yelp is evidently also affected
>>>>>
>>>>> On Wed, Jun 19, 2013 at 10:19 PM, John Levine <johnl () iecc com> wrote:
>>>>>>> Reaching out to DNS operators around the globe. Linkedin.com has had some issues with DNS and would like DNS operators to flush their DNS. If you see www.linkedin.com resolving NS to ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS. Any other info please reach out to me off-list.
>>>>>>
>>>>>> While you're at it, www.usps.com, www.fidelity.com, and other well known sites have had DNS poisoning problems. When I restarted my cache, they look OK.
>>>>
>>>> --
>>>> "Fergie", a.k.a. Paul Ferguson
>>>> fergdawgster(at)gmail.com
>>
>> --
>> "Fergie", a.k.a. Paul Ferguson
>> fergdawgster(at)gmail.com

--
-george william herbert
george.herbert () gmail com
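
The check the thread asks resolver operators to make (NS answers naming ns1617.ztomy.com or ns2617.ztomy.com, or A answers inside the 204.11.56.0/22 block from the whois output), as an added example that is not part of any poster's message. The function names are hypothetical, the sample text is constructed, and treating the whole /22 as suspect is an assumption.

```python
import ipaddress

# Indicators quoted in the thread. Flagging the whole /22 is an assumption.
SUSPECT_NET = ipaddress.ip_network("204.11.56.0/22")
SUSPECT_NS = {"ns1617.ztomy.com", "ns2617.ztomy.com"}

# Constructed sample: dig-style lines modelled on the capture in the thread,
# plus an invented NS answer and a benign record (192.0.2.0/24 is documentation space).
SAMPLE = """\
;; QUESTION SECTION:
;yelp.com.                  IN      A

;; ANSWER SECTION:
yelp.com.           300     IN      A       204.11.56.20
www.linkedin.com.   300     IN      NS      ns1617.ztomy.com.
example.org.        300     IN      A       192.0.2.10
"""


def parse_records(dig_text):
    """Yield (name, rtype, rdata) for each resource-record line of dig output."""
    for line in dig_text.splitlines():
        fields = line.split()
        # Skip blanks, ';' comments and the question line; keep "name ttl IN type rdata".
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        if not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        yield fields[0].rstrip(".").lower(), fields[3].upper(), " ".join(fields[4:])


def find_poisoned(dig_text):
    """Return the records whose data matches one of the thread's indicators."""
    hits = []
    for name, rtype, rdata in parse_records(dig_text):
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue  # malformed rdata, nothing to compare
            if addr in SUSPECT_NET:
                hits.append((name, rtype, rdata))
        elif rtype == "NS" and rdata.rstrip(".").lower() in SUSPECT_NS:
            hits.append((name, rtype, rdata.rstrip(".").lower()))
    return hits


if __name__ == "__main__":
    for hit in find_poisoned(SAMPLE):
        print("suspect cached answer, flush this resolver:", hit)
```

Run it over the saved output of `dig @resolver name A` and `dig @resolver name NS` for each caching resolver; an empty result means none of the listed indicators appeared in that answer.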