Craigslist hacked?

George Herbert george.herbert at
Tue Nov 25 00:30:20 UTC 2014

> On Nov 24, 2014, at 4:18 PM, Randy Epstein <nanog at> wrote:
> Actually, he didn’t hack its records either.  He exploited a bug in BIND.

...returned a legit response plus a tacked-on glue record for anytime you queried his nameserver, which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his domain, and another thing I still don't want to talk about.

Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one.

I did get a few press quotes, though.

Your fu is weak, Randyhopper.  Train harder!   ;-)

George William Herbert
Sent from my iPhone

More information about the NANOG mailing list