[176323] in North American Network Operators' Group
Re: Craigslist hacked?
daemon@ATHENA.MIT.EDU (George Herbert)
Mon Nov 24 19:38:22 2014
X-Original-To: nanog@nanog.org
From: George Herbert <george.herbert@gmail.com>
In-Reply-To: <D09934E0.BE620%nanog@hostleasing.net>
Date: Mon, 24 Nov 2014 16:30:20 -0800
To: Randy Epstein <nanog@hostleasing.net>
Cc: "<nanog@nanog.org>" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Nov 24, 2014, at 4:18 PM, Randy Epstein <nanog@hostleasing.net> wrote:
>=20
> Actually, he didn=E2=80=99t hack its records either. He exploited a bug i=
n BIND.
...returned a legit response plus a tacked-on glue record for www.internic.n=
et anytime you queried his nameserver, which he tricked people into doing wi=
th mixtures of sending you mail, hitting open DNS servers with queries for h=
is domain, and another thing I still don't want to talk about.
Paul was more widely quoted and knew his BIND vulnerability better; he can a=
lways out-pedant me on this one.
I did get a few press quotes, though.
Your fu is weak, Randyhopper. Train harder! ;-)
George William Herbert
Sent from my iPhone=