DNS hijacking becoming commen place
Len Conrad
LConrad at Go2France.com
Sun Feb 25 10:21:16 UTC 2001
>Case in point, the recent 'McHackers':
>http://www.theregister.co.uk/content/8/17163.html
>
>The prank was performed not by hacking into the server hosting the
>McDonalds site, but by exploiting its domain name servers.
Right now, several days later:
# dig @ns2.netdecisions.co.uk txt chaos version.bind.
; <<>> DiG 8.3 <<>> @ns2.netdecisions.co.uk txt chaos version.bind.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS
;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "8.2.2-P5"
and while we're at it:
# dig @ns2.netdecisions.co.uk McDonalds.co.uk axfr
; <<>> DiG 8.3 <<>> @ns2.netdecisions.co.uk McDonalds.co.uk axfr
; (1 server found)
$ORIGIN mcdonalds.co.uk.
@ 1D IN SOA ns1.netdecisions.co.uk. postmaster (
2830351816 ; serial
8H ; refresh
4H ; retry
5w6d16h ; expiry
1D ) ; minimum
1D IN NS ns1.netdecisions.co.uk.
1D IN NS ns2.netdecisions.co.uk.
1D IN MX 5 mail
brad 1D IN A 195.40.154.112
mail 1D IN A 195.40.154.112
www 1D IN A 194.129.65.106
Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
More information about the bind-users
mailing list