[afnog] [AfrICANN-discuss] Google blames DNS insecurity for Web site defacements
sm at resistor.net
Mon May 18 11:37:28 SAST 2009
At 01:19 18-05-2009, Dr Paulos Nyirenda wrote:
>We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
>2009 around midnight Malawi time. Attempts were made to alter DNS
>records at the registry for 23 domains linked to major brands
>including those listed by SM here. The attack attempt was on the SQL
>server but they did not manage to alter our DNS.
If you are still seeing attempts or you would like to follow up on
this, please email me off-list. For what it is worth, there have also
been attempts against other ccTLDs outside the AfriNIC region over
the last month.
>The attempt at .mw was to change the nameservers to hosts with names
>of the form - crackers*.homelinux.com - where * is empty or an
>integer. We saw the attack as coming from or via two or more networks
>including those with network names: (a) *fdcservers on ARIN and (b)
>TurkTelekom on RIPE.
Thanks for providing the information. Hopefully other ccTLDs in the
region reading will have a better understanding of the "attack" and
take whatever action they deem appropriate. Note that the
nameservers used for the google.co.ma "attack" were different (run by
a hosting provider in the Seattle (ARIN)).