Security Incidents mailing list archives
Writeup: it. TLD going astray
From: arrigo () ALBOURNE COM (Arrigo Triulzi)
Date: Mon, 3 Jan 2000 11:49:59 +0000
OK, so the full story is: 1/1/2000 @ approx 10:00 GMT I start getting weird error messages from a machine in Italy on which I have some sysadmin responsibility. Two mailing lists I subscribe to start reporting weirdos with the .it TLD. While working on the sunrpc tcpdump logs I notice that one mail being queued on my boxes for an it. domain is causing lots "port unreachable" or SERVFAIL messages to come back... 1/1/2000 @ approx 12:00 GMT Nobody is able to get a domain request answered from dns.nic.it (primary) or dns2.nic.it - secondaries start losing it. zones and in particular one it. secondary venere.inet.it loses nic.it completely... The suggestion that the 8.2.2 hole is responsible for this surfaces on the mailing lists. Everyone seems to agree although there is no hard evidence. 1/1/2000 @ approx 15:00 GMT I get in touch with colleagues in Italy by phone and after a quick round of phone calls it transpires that yes, dns.nic.it is not responding to domain queries. Furthermore the people responsible have been contacted but it appears that access to the premises where the machines are kept is impossible... 2/1/2000 @ approx 10:00 GMT dns.nic.it is alive again but it appears that hte zones loaded are from December 15th which causes one of my contacts to have problems as one of his customers moved on December 16th and now he is rejecting all e-mail with a "relaying denied" as the zones are now incorrect. Things are therefore still rather funny with whois.nic.it reporting the correct entries and the primary DNS propagating old stuff. No word as to whether it was a hack or simply a machine failure. Somehow I doubt we will know the truth quickly... Ciao, Arrigo
Current thread:
- port 119, (continued)
- port 119 Dariusz Zmokly (Jan 03)
- Re: port 119 Robert Graham (Jan 03)
- Re: port 119 Thomas Molina (Jan 04)
- Re: port 119 Vince Vielhaber (Jan 05)
- Ports 25092 / 20869 Vanja Hrustic (Jan 04)
- Re: Ports 25092 / 20869 Robert Graham (Jan 04)
- port 1150 and 4833 ? Kim R. Rasmussen (Jan 04)
- Re: port 1150 and 4833 ? Frameloss, Frameloss (Jan 10)
- Re: port 119 R a v e N (Jan 05)
- Re: port 119 Scott Laws (Jan 04)
- Writeup: it. TLD going astray Arrigo Triulzi (Jan 03)
- Computer Forsenics System Administrator (Jan 03)
- Re: Computer Forsenics-> www.fish.com/forensics mike (Jan 03)
- traceroute ICMP packets Laszlo Fabian (Jan 04)
- Re: traceroute ICMP packets M J (Jan 04)
- Re: traceroute ICMP packets Larry Canup (Jan 18)
- Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
- Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)