[AfrICANN-discuss] Google blames DNS insecurity for Web site
defacements
Dr Paulos Nyirenda
paulos at sdnp.org.mw
Mon May 18 10:19:24 SAST 2009
Greetings from Malawi.
We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
2009 around midnight Malawi time. Attempts were made to alter DNS
records at the registry for 23 domains linked to major brands
including those listed by SM here. The attack attempt was on the SQL
server but they did not manage to alter our DNS.
I would also like to confirm that this does not seem to be a case of
DNS cache poisoning, it was an SQL level attack attempt on the
registry.
The attempt at .mw was to change the nameservers to hosts with names
of the form - crackers*.homelinux.com - where * is empty or an
integer. We saw the attack as coming from or via two or more networks
including those with network names: (a) *fdcservers on ARIN and (b)
TurkTelekom on RIPE.
Hope this gives additional technical information.
Regards,
Paulos
======================
Dr Paulos B Nyirenda
.mw ccTLD
http://www.registrar.mw
On 17 May 2009 at 13:58, SM wrote:
> At 02:42 17-05-2009, Calvin Browne wrote:
> >I agree with this - the release is just way too short on details to
> >understand what went wrong here.
> >More details are needed.
>
> There are reports that the following web sites were affected:
>
> www.google.co.ma
>
> www.aol.ug
> www.bmw.co.ug
> www.cisco.co.ug
> www.cnn.co.ug
> www.defenceuganda.mil.ug
> www.google.ug
> www.hotmail.ug
> www.hotmail.co.ug
> www.microsoft.ug
> www.orange.ug
> www.toshiba.co.ug
>
> The nameservers for google.co.ma were changed on 9th May. The domain
> resolved to a different IP address. That brought visitors to a web
> site which wasn't hosted by Google. The .ug problem occurred between
> 11 May and 13 May. This is not a case of DNS cache
> poisoning. DNSSEC does not offer any protection against SQL injection attacks.
>
> Regards,
> -sm
>
> _______________________________________________
> AfrICANN mailing list
> AfrICANN at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/africann
More information about the AfrICANN
mailing list