DNS hijacking becoming commonplace

Jim Reid jim at rfc1035.com
Sun Feb 25 10:45:50 UTC 2001


>>>>> "Michael" == Michael S Scheidell <scheidell at caerulus.cerintha.com> writes:
    Michael> "Activists redirected surfers visiting McDonalds.co.uk to
    Michael> an insecure box in a US university on which they placed a
    Michael> message mocking McDonalds."

    Michael> The prank was performed not by hacking into the server
    Michael> hosting the McDonalds site, but by exploiting its domain
    Michael> name servers.

If there was an attack on the McDonalds.co.uk name servers - don't
believe everything you see in the papers or on the net! - it may have
succeeded because one of those name servers is running an old version
of BIND with known security holes. IIRC a recent posting to bugtraq
gave the script kiddies a way of exploiting one of those holes.
I notice that the other name server runs BIND8.2.3. So maybe they are
in the process of upgrading to a version that plugs the holes?


More information about the bind-users mailing list