[Dshield] Just an FYI Major DNS cache poisoning at Verisign/WorldNIC

Brian McWilliams bmcw at attbi.com
Thu Mar 21 04:04:42 GMT 2002

Since Matt posted that yesterday, there's been new info on the incident. 
Appears to have been a rather high-level mass defacement rather than a DNS 



At 03:51 PM 3/20/2002, Paul Marsh wrote:
>I was just forwarded this e-mail
>     Date: Tue, 19 Mar 2002 14:18:56 -0500
>From: "Matthew F. Caldwell" <mattc at guarded.net>
>Subject: Major DNS cache poisoning at Verisign/WorldNIC
>To: <incidents at securityfocus.com>
>Just to let everyone know, there has been some major DNS cache poisoning
>going on at Verisign apparently done by some Brazilians ("Web Pirates") for
>web site defacements. If your parking your DNS at worldnic.com
>(netsol/verisign) you might want to see if you site has been redirected to
> (owned by Interland of Atlanta) using random DNS servers.
>Don't you love UDP.
>Matthew F. Caldwell, CISSP
>Chief Security Officer
>GuardedNet, Inc
>Thanx, Paul
>[[ Attachement of type text/html deleted]]
>Dshield mailing list
>Dshield at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list