[afnog] [AfrICANN-discuss] Google blames DNS insecurity for Web site defacements

SM sm at resistor.net
Mon May 18 11:37:28 SAST 2009

Hi Paulos,
At 01:19 18-05-2009, Dr Paulos Nyirenda wrote:
>We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
>2009 around midnight Malawi time. Attempts were made to alter DNS
>records at the registry for 23 domains linked to major brands
>including those listed by SM here. The attack attempt was on the SQL
>server but they did not manage to alter our DNS.

If you are still seeing attempts or you would like to follow up on 
this, please email me off-list.  For what it is worth, there has also 
been attempts against other ccTLDs outside the AfriNIC region over 
the last month.

>The attempt at .mw was to change the nameservers to hosts with names
>of the form - crackers*.homelinux.com - where * is empty or an
>integer. We saw the attack as coming from or via two or more networks
>including those with network names: (a) *fdcservers on ARIN and (b)
>TurkTelekom on RIPE.

Thanks for providing the information.  Hopefully other ccTLDs in the 
region reading will have a better understanding of the "attack" and 
take whatever action they deem appropriate.  Note that the 
nameservers used for the google.co.ma "attack" were different (run by 
a hosting provider in the Seattle (ARIN)).


More information about the AfrICANN mailing list