[57035] in North American Network Operators' Group
Re: Both Iraqi state provider Uruklink.net name servers offline
daemon@ATHENA.MIT.EDU (Brian McWilliams)
Thu Mar 27 08:23:40 2003
Date: Thu, 27 Mar 2003 08:23:03 -0500
To: Sean Donelan <sean@donelan.com>, nanog@merit.edu
From: Brian McWilliams <bmcw@attbi.com>
In-Reply-To: <Pine.GSO.4.44.0303270244250.19218-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
Someone has apparently hacked the Uruklink.net DNS server, and is trying to
redirect visitors to a third-party 9-11 memorial site. The Uruklink.net
site is still generally available via its IP address: http://62.145.94.111
Details here:
http://www.pc-radio.com/uruklink-0wned.html
Brian
At 02:57 AM 3/27/2003, Sean Donelan wrote:
>Despite very old recommendations, the Iraqi state provider Uruklink.net
>kept all of its name servers on the same subnet. Although this is
>recognized as a poor design, many domain name server operators worldwide
>do the same thing.
>
>nic1.baghdadlink.net. 2D IN A 62.145.94.1
>nic2.baghdadlink.net. 2D IN A 62.145.94.2
>
>The nic2 (62.145.94.2) has been offline for over a week. Yesterday the
>remaining name server nic1 (62.145.94.1) was running an old version of
>bind (8.1.2). It was returning obviously bogus answers to queries.
>
>In the last 24 hours, the name server application on nic1 (62.145.94.1)
>went offline. The server is online (responds to pings), but neither
>tcp or udp port 53 responds. The name server application may have
>crashed, been trashed, or shut down by the system administrator.
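
The single-subnet condition described in the quoted message can be checked mechanically. The following is an added example, not part of either message: it parses the two records quoted above and groups the addresses by covering network. Treating a "subnet" as a /24 (IPv4) or /48 (IPv6) is an assumption, as are the function names.

```python
import ipaddress
import re

# Records as quoted in the message above (name, TTL, class, type, address).
RECORDS = """\
nic1.baghdadlink.net. 2D IN A 62.145.94.1
nic2.baghdadlink.net. 2D IN A 62.145.94.2
"""

RECORD_RE = re.compile(r"^(\S+)\s+\S+\s+IN\s+(A|AAAA)\s+(\S+)$")

# Assumption: real prefix lengths are not visible from DNS alone, so a
# subnet is approximated as a /24 for IPv4 and a /48 for IPv6.
PREFIX_LEN = {4: 24, 6: 48}


def parse_records(text):
    """Return [(hostname, ip_address)] from zone-file style A/AAAA lines."""
    out = []
    for line in text.splitlines():
        line = line.strip().lstrip(">").strip()  # tolerate mail-quoted lines
        m = RECORD_RE.match(line)
        if m:
            out.append((m.group(1).lower(), ipaddress.ip_address(m.group(3))))
    return out


def group_by_subnet(records):
    """Map each covering network to the name servers inside it."""
    groups = {}
    for name, addr in records:
        prefix = PREFIX_LEN[addr.version]
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups.setdefault(net, []).append(name)
    return groups


def lacks_subnet_diversity(records):
    """True when the name servers sit in fewer than two distinct networks."""
    return len(group_by_subnet(records)) < 2


if __name__ == "__main__":
    recs = parse_records(RECORDS)
    for net, names in group_by_subnet(recs).items():
        print(net, ", ".join(names))
    print("lacks subnet diversity:", lacks_subnet_diversity(recs))
```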