This is a coordinated hacking. (Was Re: Need help in flushing DNS)
jamie rishaw
j at arpa.com
Thu Jun 20 19:53:27 UTC 2013
This is most definitely a coordinated and planned attack.
And by 'attack' I mean hijacking of domain names.
I show as of this morning nearly fifty thousand domain names that appear
suspicious.
I'm tempted to call USCENTCOM and/or related agencies (which agencies, who
the hell knows, as ICE seems to have some sort of authority over domains
(nearly two hundred fifty of them as I type this in COM alone and another
thirty-some in NET)).
Anyone credentialed (credentialed /n/., "I know you or know of you,")
wanting data, e-mail me off-list for some TLD goodness.
On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan <philfagan at gmail.com> wrote:
> Agreed in these "smaller" scenarios I just wonder if in a larger scale
> scenario, whatever that might look like, if it's necessary. Whereby many
> organizations who provide "services" are affected. Perhaps the result of a
> State-led campaign ....topic for another day.
>
>
>
>
> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson <fergdawgster at gmail.com> wrote:
>
> > I am betting that Netsol doesn't need any more "coordination" at the
> > moment -- their phones are probably ringing off-the-hook. There are
> > still ~400 domains still pointing to the ztomy NS:
> >
> >
> > ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;parsonstech.com. IN NS
> >
> > ;; ANSWER SECTION:
> > parsonstech.com. 172800 IN NS ns2617.ztomy.com.
> > parsonstech.com. 172800 IN NS ns1617.ztomy.com.
> >
> > ;; Query time: 286 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Thu Jun 20 19:16:25 2013
> > ;; MSG SIZE rcvd: 81
> >
> > - ferg
> >
> > On Thu, Jun 20, 2013 at 10:13 AM, Phil Fagan <philfagan at gmail.com> wrote:
> >
> > > I should caveat.....coordinate the "recovery" of.
> > >
> > >
> > > On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth <brandon at rd.bbc.co.uk> wrote:
> > >
> > >> > Is there an organization that coordinates outages like this amongst the
> > >> > industry?
> > >>
> > >> No, usually they are surprise outages though Anonymous have tried
> > >> coordinating a few
> > >>
> > >> brandon
> > >>
> > >
> > >
> > >
> > > --
> > > Phil Fagan
> > > Denver, CO
> > > 970-480-7618
> >
> >
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> > fergdawgster(at)gmail.com
> >
>
>
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618
>
--
Jamie Rishaw // .com.arpa at j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs