SANS ISC: InfoSec Handlers Diary Blog

NY Times DNS Compromised

Published: 2013-08-27
Last Updated: 2013-08-27 21:09:58 UTC
by Tony Carothers (Version: 1)

The website for the New York Times was taken offline today by way of an attack on their DNS.  Shown below is the summary Dr. J whipped up:

The normal name servers are

;; AUTHORITY SECTION:            172800  IN      NS            172800  IN      NS

but one .com name server still answers with:

;; AUTHORITY SECTION:            172800  IN      NS            172800  IN      NS

;; ADDITIONAL SECTION:    172800  IN      A    172800  IN      A

and returns an IP in that subnet

Connecting to this server results in:

HTTP/1.1 200 OK
Date: Tue, 27 Aug 2013 20:55:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.26
Content-Length: 14
Content-Type: text/html

Hacked by SEA
Connection closed by foreign host
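
The split delegation described above (one parent server handing out a different NS set than the others) can be caught by comparing each parent server's AUTHORITY section with a pinned known-good list. This is an added example, not part of the original diary; the domain, name server names, parent server labels and dig-style responses are constructed placeholders.

```python
import re

# One NS record in dig-style output: owner, TTL, class IN, type NS, target.
NS_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)\s*$", re.IGNORECASE)

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def parse_authority(dig_text, zone):
    """Return the set of NS targets for `zone` listed in the AUTHORITY section."""
    targets, in_authority = set(), False
    for line in dig_text.splitlines():
        if line.startswith(";;"):          # section header: track where we are
            in_authority = "AUTHORITY SECTION" in line
            continue
        m = NS_RR.match(line) if in_authority else None
        if m and norm(m.group(1)) == norm(zone):
            targets.add(norm(m.group(3)))
    return targets

def audit_delegation(responses, zone, baseline):
    """Compare every parent server's NS set with the pinned baseline.
    Returns {server: {"unexpected": [...], "missing": [...]}} for divergent servers."""
    expected = {norm(n) for n in baseline}
    findings = {}
    for server, text in responses.items():
        seen = parse_authority(text, zone)
        if seen != expected:               # also fires on an empty or failed answer
            findings[server] = {"unexpected": sorted(seen - expected),
                                "missing": sorted(expected - seen)}
    return findings

# Constructed sample data (placeholder names, documentation address range).
BASELINE = ["ns1.dns.example.net", "ns2.dns.example.net"]
SAMPLE = {
    "parent-server-1": ";; AUTHORITY SECTION:\n"
                       "example.com.\t172800\tIN\tNS\tns1.dns.example.net.\n"
                       "example.com.\t172800\tIN\tNS\tNS2.dns.example.net.\n",
    "parent-server-2": ";; AUTHORITY SECTION:\n"
                       "example.com.\t172800\tIN\tNS\tns1.rogue.example.org.\n"
                       "example.com.\t172800\tIN\tNS\tns2.rogue.example.org.\n\n"
                       ";; ADDITIONAL SECTION:\n"
                       "ns1.rogue.example.org.\t172800\tIN\tA\t192.0.2.10\n",
}

if __name__ == "__main__":
    for server, diff in audit_delegation(SAMPLE, "example.com", BASELINE).items():
        print(server, diff)
```

Comparing against a pinned baseline rather than the majority answer matters here, because during a registrar-level change the altered NS set can become the majority as it propagates.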
