- Subject: Re: NSI domain name attacked by hackers
- From: Amar <amar@telia.net>
- Date: Fri, 02 Jul 1999 19:05:06 +0200
- CC: core@corenic.org
- Organization: Registry Telia Net
- References: <Pine.HPX.4.10.9907021855230.25802-100000@hp9000.do.knipp.de>
- Sender: owner-core-l@corenic.org
Paul Vixie ( the man behind BIND, the only real DNS
daemon )just posted this on the BIND mailing list:
one person's caching name server had been told that
www.networksolutions.com's
"A" record was that of ICANN's web server. the last person who did this
sort
of thing spent time in jail for it, so i'm not expecting anyone to claim
credit
publically this time. the current work is either a dark and stupid
joke, or
an attempt to discredit ICANN, or an attempt to prompt earlier
deployment of
DNSSEC. (while we plugged the particular hole used by eugene kashpureff
a few
years ago, it is widely known that DNS cannot be made secure from this
kind of
attack without new technology like DNSSEC.)
if anyone who has a corrupted BIND server would dump its cache and send
me the
IP address that the corrupt A RR came from, i'd appreciate it (and i'll
share
it with CERT and the FBI.)
/Amar