[afnog] [AfrICANN-discuss] Google blames DNS insecurity for Web site defacements

Dr Yassin Mshana ymshana2003 at gmail.com
Mon May 18 11:55:47 SAST 2009


Hi there,
Now we are talking at last....is is or is there not a security issue?

There have been a number of calls for a detailed technical description of
what happened. Can someone in the technical side of activities please spare
some minutes to educate us the concerned non-technical-users?

That would help to alleviate the "fear of the unknown" that might be
spreading among the user community.

That will be much appreciated.

Cheers


2009/5/18 SM <sm at resistor.net>

> Hi Paulos,
> At 01:19 18-05-2009, Dr Paulos Nyirenda wrote:
>
>> We also saw attempts to alter DNS records on the .mw ccTLD on 13 May
>> 2009 around midnight Malawi time. Attempts were made to alter DNS
>> records at the registry for 23 domains linked to major brands
>> including those listed by SM here. The attack attempt was on the SQL
>> server but they did not manage to alter our DNS.
>>
>
> If you are still seeing attempts or you would like to follow up on this,
> please email me off-list.  For what it is worth, there has also been
> attempts against other ccTLDs outside the AfriNIC region over the last
> month.
>
>  The attempt at .mw was to change the nameservers to hosts with names
>> of the form - crackers*.homelinux.com - where * is empty or an
>> integer. We saw the attack as coming from or via two or more networks
>> including those with network names: (a) *fdcservers on ARIN and (b)
>> TurkTelekom on RIPE.
>>
>
> Thanks for providing the information.  Hopefully other ccTLDs in the region
> reading will have a better understanding of the "attack" and take whatever
> action they deem appropriate.  Note that the nameservers used for the
> google.co.ma "attack" were different (run by a hosting provider in the
> Seattle (ARIN)).
>
>
> Regards,
> -sm
> _______________________________________________
> AfrICANN mailing list
> AfrICANN at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/africann
>



-- 
c/o DFID-Nigeria
No. 10 Bobo Street
Maitama
Abuja
Nigeria

Skype: yassinmshana1
Mobile: +234-803 970 5117

Do You really NEED TO PRINT THIS? Sure?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20090518/6b4f1615/attachment-0001.htm


More information about the AfrICANN mailing list