DNS hijacking becoming commen place

Len Conrad LConrad at Go2France.com
Sun Feb 25 10:21:16 UTC 2001



>Case in point, the recent 'McHackers':
>http://www.theregister.co.uk/content/8/17163.html
>
>The prank was performed not by hacking into the server hosting the
>McDonalds site, but by exploiting its domain name servers.

Right now, several days later:

# dig @ns2.netdecisions.co.uk txt chaos version.bind.

; <<>> DiG 8.3 <<>> @ns2.netdecisions.co.uk txt chaos version.bind.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND.           0S CHAOS TXT    "8.2.2-P5"

and while we're at it:

# dig @ns2.netdecisions.co.uk McDonalds.co.uk axfr

; <<>> DiG 8.3 <<>> @ns2.netdecisions.co.uk McDonalds.co.uk axfr
; (1 server found)
$ORIGIN mcdonalds.co.uk.
@                       1D IN SOA       ns1.netdecisions.co.uk. postmaster (
                                         2830351816      ; serial
                                         8H              ; refresh
                                         4H              ; retry
                                         5w6d16h         ; expiry
                                         1D )            ; minimum

                         1D IN NS        ns1.netdecisions.co.uk.
                         1D IN NS        ns2.netdecisions.co.uk.
                         1D IN MX        5 mail
brad                    1D IN A         195.40.154.112
mail                    1D IN A         195.40.154.112
www                     1D IN A         194.129.65.106



Len

http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-spam mail gateways



More information about the bind-users mailing list