Fidelity Domain Hijack?

asenec at senechalle.net
Wed Jun 27 00:09:49 UTC 2001


I can't help but think that this problem is somehow
related to a URL which has been showing up in various
access logs on our servers:

> 61.142.242.124 unknown - [16/Jun/2001:17:49:34 +0200] "GET
> http://www.teenagerbitch.com/ HTTP/1.1" 200 9051 "-" "Mozilla/4.0
> (compatible; MSIE 4.01; Windows NT)"

None of the domains which have shown that in their access logs
has anything even remotely to do with the indicated porn site.

Annette

> From bind-users-bounce at isc.org Tue Jun 26 19:02 CDT 2001
> To: comp-protocols-dns-bind at moderators.isc.org
> From: carlhirsch at hotmail.com (Carl Hirsch)
> Subject: Fidelity Domain Hijack?
> Date: 26 Jun 2001 13:40:42 -0700
> 
> 
> Apologies if this is the wrong forum, but I'm in the process of doing
> a post-mortem on a network hiccup we experienced this afternoon.
> 
> Today our DNS servers started resolving "www.401k.com" as
> "www.xxlteen.com".
> 
> 401k.com, www.4o1k.com were just fine. Clearing the cache on our DNS
> servers resolved the problem of our execs trying to check up on their
> mutual funds and getting Hot Teen Action instead.
> 
> We've got no evidence that any of our boxes were compromised, so I'm
> wondering what happened. Could a DNS server closer to the root than us
> have been compromised and propagated bad information? A brief search
> of various security sites turned up no mention of Fidelity's Primary
> DNS getting cracked.
> 
> This situation strikes me as an excellent opportunity to learn more
> DNS-fu.
> 
> thanks,
> -carl
> network neophyte
> 
> 
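
The access-log entry quoted at the top of this message carries a full URL in its request line, naming a host the logging server does not serve. The following is an added example, not part of the original thread: a Python check that flags such entries and records whether the server answered them with a 2xx status. The served-host set, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Log entry layout as in the quoted line: client ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: the hostnames this server legitimately answers for.
SERVED_HOSTS = {"www.example.org", "example.org"}

# Constructed sample entries (documentation addresses and domains only).
SAMPLE_LOG = """\
192.0.2.10 unknown - [16/Jun/2001:17:49:34 +0200] "GET http://www.unrelated.example/ HTTP/1.1" 200 9051 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
192.0.2.11 unknown - [16/Jun/2001:17:50:02 +0200] "GET /index.html HTTP/1.1" 200 1204 "-" "Mozilla/4.0"
192.0.2.12 unknown - [16/Jun/2001:17:51:40 +0200] "GET http://WWW.Example.org:80/about HTTP/1.1" 200 880 "-" "Mozilla/4.0"
192.0.2.10 unknown - [16/Jun/2001:17:52:11 +0200] "GET http://other.example/x HTTP/1.0" 404 210 "-" "-"
this line is not a log entry
"""

def foreign_host(target):
    """Return the host named in an absolute-form request target if we do not serve it."""
    if "://" not in target:            # origin-form (/path): no host to compare
        return None
    host = urlsplit(target).hostname   # lower-cased, port stripped
    if host is None or host in SERVED_HOSTS:
        return None
    return host

def find_foreign_requests(lines):
    """Yield (client, host, status, answered_2xx) for requests naming a foreign host."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                   # skip malformed entries
        host = foreign_host(m["target"])
        if host:
            status = int(m["status"])
            # A 2xx status means the server returned content for the foreign name.
            yield m["client"], host, status, 200 <= status < 300

if __name__ == "__main__":
    for hit in find_foreign_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```
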

