nanog mailing list archives

Re: A Deep Dive on the Recent Widespread DNS Hijacking Attacks


From: Bill Woodcock <woody () pch net>
Date: Sat, 23 Feb 2019 11:29:20 -0800



On Feb 23, 2019, at 11:13 AM, Keith Medcalf <kmedcalf () dessus com> wrote:

> So in other words this was just an old school script kiddie taking advantage of DNS registrars, the only difference 
> being this was a whole whack of script kiddies acting in concert directed by a not-quite-so-stupid script kiddie, 
> with some "modernz" thrown in for good measure.

It’s Iranian military.  If you want to call them script kiddies, that’s up to you, but people familiar with the 
campaign characterize it as an APT, and have been for the several years that it’s been going on.

> the targets perfectly match those that the NSA would choose

Amusing bedfellows, if they weren’t so annoying.

> The second takeaway being that DNSSEC is useless

You seem to have gotten that one backwards, by over-straining yourself in an effort to seem clever.

> Did I miss anything?

Apparently, yes.

                                -Bill
