[176327] in North American Network Operators' Group
Re: Craigslist hacked?
daemon@ATHENA.MIT.EDU (Mark Andrews)
Mon Nov 24 20:01:17 2014
X-Original-To: nanog@nanog.org
To: George Herbert <george.herbert@gmail.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Mon, 24 Nov 2014 16:30:20 -0800."
<FDF98A3E-6BDC-4D85-8826-B3B8DC6EC725@gmail.com>
Date: Tue, 25 Nov 2014 12:00:05 +1100
Cc: "<nanog@nanog.org>" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
In message <FDF98A3E-6BDC-4D85-8826-B3B8DC6EC725@gmail.com>, George Herbert writes:
> > On Nov 24, 2014, at 4:18 PM, Randy Epstein <nanog@hostleasing.net>
> wrote:
> >
> > Actually, he didn’t hack its records either. He exploited a bug in
> BIND.
>
>
> ...returned a legit response plus a tacked-on glue record for
> www.internic.net anytime you queried his nameserver, which he tricked
> people into doing with mixtures of sending you mail, hitting open DNS
> servers with queries for his domain, and another thing I still don't want
> to talk about.
>
>
> Paul was more widely quoted and knew his BIND vulnerability better; he
> can always out-pedant me on this one.
More a protocol bug which lead to DNSSEC, which allows you to accept
a answer from anywhere so long as it is signed and validates as
secure, which most of you have yet to deploy.
> I did get a few press quotes, though.
>
> Your fu is weak, Randyhopper. Train harder! ;-)
>
> George William Herbert
> Sent from my iPhone
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
