Need help in flushing DNS

Paul Ferguson fergdawgster at gmail.com
Sat Jun 22 00:29:40 UTC 2013


Not sure of some of the underlying details of the mechanics right now.

http://news.softpedia.com/news/LinkedIn-Outage-Caused-by-DDOS-Attack-on-Network-Solutions-362473.shtml

- ferg


On Fri, Jun 21, 2013 at 5:22 PM, Glen Kent <glen.kent at gmail.com> wrote:

> Hi,
>
> Do we know which DNS server started leaking the poisoned entry?
>
> Being new to this, I still don't understand how a hacker could gain access to
> the DNS server and corrupt the entry there? Wouldn't it require special admin
> rights, etc. to log in?
>
> Glen
>
>
> On Thu, Jun 20, 2013 at 11:32 AM, Paul Ferguson <fergdawgster at gmail.com>
> wrote:
>>
>> Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I
>> have no idea where the poison leaked in, or why. :-)
>>
>> - ferg
>>
>> On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie <alex.buie at frozenfeline.net>
>> wrote:
>>
>> > Anyone have news/explanation about what's happening/happened?
>> >
>> >
>> > On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson
>> > <fergdawgster at gmail.com> wrote:
>> >
>> >> Sure enough:
>> >>
>> >>
>> >>
>> >>  ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
>> >>  ; (1 server found)
>> >>  ;; global options: +cmd
>> >>  ;; Got answer:
>> >>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267
>> >>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>> >>
>> >>  ;; QUESTION SECTION:
>> >>  ;yelp.com. IN A
>> >>
>> >>  ;; ANSWER SECTION:
>> >>  yelp.com. 300 IN A 204.11.56.20
>> >>
>> >>  ;; Query time: 143 msec
>> >>  ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> >>  ;; WHEN: Thu Jun 20 07:33:13 2013
>> >>  ;; MSG SIZE  rcvd: 42
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> NetRange: 204.11.56.0 - 204.11.59.255
>> >> CIDR: 204.11.56.0/22
>> >> OriginAS: AS40034
>> >> NetName: CONFLUENCE-NETWORKS--TX3
>> >> NetHandle: NET-204-11-56-0-1
>> >> Parent: NET-204-0-0-0-0
>> >> NetType: Direct Allocation
>> >> Comment: Hosted in Austin TX.
>> >> Comment: Abuse :
>> >> Comment: abuse at confluence-networks.com
>> >> Comment: +1-917-386-6118
>> >> RegDate: 2012-09-24
>> >> Updated: 2012-09-24
>> >> Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1
>> >>
>> >> OrgName: Confluence Networks Inc
>> >> OrgId: CN
>> >> Address: 3rd Floor, Omar Hodge Building, Wickhams
>> >> Address: Cay I, P.O. Box 362
>> >> City: Road Town
>> >> StateProv: Tortola
>> >> PostalCode: VG1110
>> >> Country: VG
>> >> RegDate: 2011-04-07
>> >> Updated: 2011-07-05
>> >> Ref: http://whois.arin.net/rest/org/CN
>> >>
>> >> OrgAbuseHandle: ABUSE3065-ARIN
>> >> OrgAbuseName: Abuse Admin
>> >> OrgAbusePhone: +1-917-386-6118
>> >> OrgAbuseEmail: abuse at confluence-networks.com
>> >> OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN
>> >>
>> >> OrgNOCHandle: NOCAD51-ARIN
>> >> OrgNOCName: NOC Admin
>> >> OrgNOCPhone: +1-415-462-7734
>> >> OrgNOCEmail: noc at confluence-networks.com
>> >> OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN
>> >>
>> >> OrgTechHandle: TECHA29-ARIN
>> >> OrgTechName: Tech Admin
>> >> OrgTechPhone: +1-415-358-0858
>> >> OrgTechEmail: ipadmin at confluence-networks.com
>> >> OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN
>> >>
>> >>
>> >> #
>> >> # ARIN WHOIS data and services are subject to the Terms of Use
>> >> # available at: https://www.arin.net/whois_tou.html
>> >> #
>> >>
>> >> - ferg
>> >>
>> >>
>> >>
>> >> On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder
>> >> <shortdudey123 at gmail.com>
>> >> wrote:
>> >>
>> >> > Yelp is evidently also affected
>> >> >
>> >> > On Wed, Jun 19, 2013 at 10:19 PM, John Levine <johnl at iecc.com> wrote:
>> >> >
>> >> >> >Reaching out to DNS operators around the globe. Linkedin.com has had
>> >> >> >some issues with DNS and would like DNS operators to flush their DNS.
>> >> >> >If you see www.linkedin.com resolving NS to ns1617.ztomy.com or
>> >> >> >ns2617.ztomy.com then please flush your DNS.
>> >> >> >
>> >> >> >Any other info please reach out to me off-list.
>> >> >>
>> >> >> While you're at it, www.usps.com, www.fidelity.com, and other well
>> >> >> known sites have had DNS poisoning problems.  When I restarted my
>> >> >> cache, they look OK.
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>> >> --
>> >> "Fergie", a.k.a. Paul Ferguson
>> >>  fergdawgster(at)gmail.com
>> >>
>> >>
>>
>>
>>
>> --
>> "Fergie", a.k.a. Paul Ferguson
>>  fergdawgster(at)gmail.com
>>
>



--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com
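One way to apply the check quoted above (look at what your resolver returns for www.linkedin.com and flush if it names the ztomy.com servers) mechanically, as an added example that is not part of the thread: parse the ANSWER SECTION of dig's text output and flag any NS answer that matches the nameserver names John Levine's message quotes. The dig output embedded below is constructed for the example and mirrors the format of the yelp.com query in the thread; only the two ztomy.com names come from the thread itself.

```python
"""Flag a resolver answer that matches the poisoned NS records from the thread.

Added example, not code from the NANOG thread. It reads dig's text output,
extracts the ANSWER SECTION, and reports whether any NS record points at a
nameserver on the suspect list, which is the condition the thread gives for
flushing a cache.
"""
import re

# Nameserver names the thread reports as the sign of a poisoned cache.
SUSPECT_NS = {"ns1617.ztomy.com.", "ns2617.ztomy.com."}

# Constructed dig output (not captured from a real resolver), shaped like
# the thread's own dig output but asking for NS instead of A.
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.7.3 <<>> @localhost www.linkedin.com NS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.linkedin.com. IN NS

;; ANSWER SECTION:
www.linkedin.com.\t300\tIN\tNS\tns1617.ztomy.com.
www.linkedin.com.\t300\tIN\tNS\tns2617.ztomy.com.

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

# owner  ttl  IN  type  rdata   (dig separates fields with tabs or spaces)
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z0-9]+)\s+(\S+)$")


def parse_answer_section(dig_text):
    """Return (owner, ttl, rtype, rdata) tuples from dig's ANSWER SECTION.

    Names are lower-cased so that comparisons are case-insensitive, as DNS
    names are.
    """
    records = []
    in_answer = False
    for raw in dig_text.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line or line.startswith(";"):
            break  # blank line or the next ';;' header ends the section
        m = RR_RE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return records


def find_suspect_records(records, suspect_ns=SUSPECT_NS):
    """Return the NS records whose target is on the suspect list."""
    suspects = {name.lower() for name in suspect_ns}
    return [r for r in records if r[2] == "NS" and r[3] in suspects]


def should_flush(dig_text, suspect_ns=SUSPECT_NS):
    """True when the resolver's answer contains a suspect nameserver."""
    return bool(find_suspect_records(parse_answer_section(dig_text), suspect_ns))


if __name__ == "__main__":
    for rec in find_suspect_records(parse_answer_section(SAMPLE_DIG_OUTPUT)):
        print("suspect record:", " ".join(str(f) for f in rec))
    print("flush recommended:", should_flush(SAMPLE_DIG_OUTPUT))
```

In practice the input would be the output of `dig @localhost www.linkedin.com NS` against your own cache. When `should_flush` returns True, clearing the cache (for BIND, `rndc flush`; for Unbound, `unbound-control flush_zone linkedin.com`) and re-querying is the step the thread asks operators to take; re-running the check afterwards confirms the stale records are gone rather than merely re-cached from the same source.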



