Hi there,<div> </div><div>Now we are talking at last... is there or is there not a security issue?</div><div><br></div><div>There have been a number of calls for a detailed technical description of what happened. Can someone on the technical side of activities please spare some minutes to educate us, the concerned non-technical users?</div>
<div><br></div><div>That would help to alleviate the "fear of the unknown" that might be spreading among the user community.</div><div><br></div><div>That will be much appreciated.</div><div><br></div><div>Cheers <br>
<div><br><br><div class="gmail_quote">2009/5/18 SM <span dir="ltr">&lt;<a href="mailto:sm@resistor.net">sm@resistor.net</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Paulos,<div class="im"><br>
At 01:19 18-05-2009, Dr Paulos Nyirenda wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
We also saw attempts to alter DNS records on the .mw ccTLD on 13 May<br>
2009 around midnight Malawi time. Attempts were made to alter DNS<br>
records at the registry for 23 domains linked to major brands<br>
including those listed by SM here. The attack attempt was on the SQL<br>
server but they did not manage to alter our DNS.<br>
</blockquote>
<br></div>
If you are still seeing attempts or you would like to follow up on this, please email me off-list. For what it is worth, there have also been attempts against other ccTLDs outside the AfriNIC region over the last month.<div class="im">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The attempt at .mw was to change the nameservers to hosts with names<br>
of the form - crackers*.<a href="http://homelinux.com" target="_blank">homelinux.com</a> - where * is empty or an<br>
integer. We saw the attack as coming from or via two or more networks<br>
including those with network names: (a) *fdcservers on ARIN and (b)<br>
TurkTelekom on RIPE.<br>
</blockquote>
<br></div>
Thanks for providing the information. Hopefully other ccTLDs in the region reading will have a better understanding of the "attack" and take whatever action they deem appropriate. Note that the nameservers used for the <a href="http://google.co.ma" target="_blank">google.co.ma</a> "attack" were different (run by a hosting provider in the Seattle (ARIN)).<div>
<div></div><div class="h5"><br>
<br>
Regards,<br>
-sm <br>
_______________________________________________<br>
AfrICANN mailing list<br>
<a href="mailto:AfrICANN@afrinic.net" target="_blank">AfrICANN@afrinic.net</a><br>
<a href="https://lists.afrinic.net/mailman/listinfo.cgi/africann" target="_blank">https://lists.afrinic.net/mailman/listinfo.cgi/africann</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>c/o DFID-Nigeria<br>No. 10 Bobo Street<br>Maitama<br>Abuja<br>Nigeria<br><br>Skype: yassinmshana1<br>Mobile: +234-803 970 5117<br>
<br>
</div></div>