[Dshield] Just an FYI Major DNS cache poisoning at Verisign/WorldNIC

Brian McWilliams bmcw at attbi.com
Thu Mar 21 04:04:42 GMT 2002


Since Matt posted that yesterday, there's been new info on the incident. 
Appears to have been a rather high-level mass defacement rather than a DNS 
attack:

http://www.newsbytes.com/news/02/175343.html

Brian

At 03:51 PM 3/20/2002, Paul Marsh wrote:
>I was just forwarded this e-mail
>----------------------------------------------------------------------------
>--
>     Date: Tue, 19 Mar 2002 14:18:56 -0500
>From: "Matthew F. Caldwell" <mattc at guarded.net>
>Subject: Major DNS cache poisoning at Verisign/WorldNIC
>To: <incidents at securityfocus.com>
>
>Just to let everyone know, there has been some major DNS cache poisoning
>going on at Verisign apparently done by some Brazilians ("Web Pirates") for
>web site defacements. If your parking your DNS at worldnic.com
>(netsol/verisign) you might want to see if you site has been redirected to
>64.225.154.175 (owned by Interland of Atlanta) using random DNS servers.
>
>Don't you love UDP.
>
>Matthew F. Caldwell, CISSP
>Chief Security Officer
>GuardedNet, Inc
>
>
>----------------------------------------------------------------------------
>
>Thanx, Paul
>
>
>[[ Attachement of type text/html deleted]]
>
>_______________________________________________
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list