The website for the New York Times was taken offline today by way of an attack on their DNS. Shown below is the summary Dr. J whipped up:
The normal NYTimes.com name servers are
Tony 150 Posts ISC Handler Aug 27th 2013
Aug 27th 2013 8 years ago
It appears that twimg.com may also have been redirected...
Anonymous
Aug 27th 2013 8 years ago
# whois nytimes.com
2 entries?

# whois '=nytimes.com'
Server Name: NYTIMES.COM
IP Address: 141.105.64.37
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com

Domain Name: NYTIMES.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: DNS.EWR1.NYTIMES.COM
Name Server: DNS.SEA1.NYTIMES.COM
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 27-aug-2013
Creation Date: 18-jan-1994
Expiration Date: 19-jan-2014

Hum...

# whois -h whois.melbourneit.com NYTIMES.COM
(also http://www.melbourneit.com.au/cc/whois/search )
Domain Name.......... nytimes.com
Creation Date........ 1994-01-18
Registration Date.... 2011-08-31
Expiry Date.......... 2014-01-20
Organisation Name.... SEA
Organisation Address. 620 8th Avenue
Organisation Address.
Organisation Address.
Organisation Address. New York
Organisation Address. 10018
Organisation Address. NY
Organisation Address. UNITED STATES
Admin Name........... SEA SEA
Admin Address........ SEA
Admin Address........ 620 8th Avenue
Admin Address........
Admin Address. Syria
Admin Address........ 10018
Admin Address........ SY
Admin Address........ SYRIAN ARAB REPUBLIC
Admin Email.......... sea@sea.sy
Admin Phone.......... +1.2125561234
Admin Fax............
Tech Name............ NEW YORK TIMES DIGITAL
Tech Address......... 229 West 43d Street
Tech Address.........
Tech Address.........
Tech Address......... New York
Tech Address......... 10036
Tech Address......... NY
Tech Address......... UNITED STATES
Tech Email........... hostmaster@NYTIMES.COM
Tech Phone........... +1.2125561234
Tech Fax............. +1.1231231234
Name Server.......... ns27.boxsecured.com
Name Server.......... ns28.boxsecured.com

And yet on netsol.com (might be cached)
Domain Name.......... nytimes.com
Creation Date........ 1994-01-18
Registration Date.... 2011-08-31
Expiry Date.......... 2014-01-20
Organisation Name.... New York Times Digital
Organisation Address. 620 8th Avenue
Organisation Address.
Organisation Address.
Organisation Address. New York
Organisation Address. 10018
Organisation Address. NY
Organisation Address. UNITED STATES
Admin Name........... Ellen Herb
Admin Address........ NEW YORK TIMES DIGITAL
Admin Address........ 620 8th Avenue
Admin Address........
Admin Address. NEW YORK
Admin Address........ 10018
Admin Address........ NY
Admin Address........ UNITED STATES
Admin Email.......... hostmaster@nytimes.com
Admin Phone.......... +1.2125561234
Admin Fax............
Tech Name............ NEW YORK TIMES DIGITAL
Tech Address......... 229 West 43d Street
Tech Address.........
Tech Address.........
Tech Address......... New York
Tech Address......... 10036
Tech Address......... NY
Tech Address......... UNITED STATES
Tech Email........... hostmaster@NYTIMES.COM
Tech Phone........... +1.2125561234
Tech Fax............. +1.1231231234
Name Server.......... dns.sea1.nytimes.com
Name Server.......... dns.ewr1.nytimes.com

Now who got hacked =D
Anonymous
Aug 27th 2013 8 years ago
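Added example, not part of the thread or of any poster's code: a sketch that parses the dotted "Key....... value" registrar whois format shown in the post above and reports drift from a known-good baseline. The baseline values are assumed from the second record in that post, and the function names `parse_whois` and `drift` are hypothetical.

```python
import re

# Constructed sample: a subset of the dotted registrar whois lines
# from the post above (the record returned by whois.melbourneit.com).
SAMPLE = """\
Domain Name.......... nytimes.com
Organisation Name.... SEA
Admin Email.......... sea@sea.sy
Tech Email........... hostmaster@NYTIMES.COM
Name Server.......... ns27.boxsecured.com
Name Server.......... ns28.boxsecured.com
"""

# Assumed known-good baseline, taken from the second record in the post.
BASELINE = {
    "Organisation Name": {"new york times digital"},
    "Admin Email": {"hostmaster@nytimes.com"},
    "Tech Email": {"hostmaster@nytimes.com"},
    "Name Server": {"dns.sea1.nytimes.com", "dns.ewr1.nytimes.com"},
}

# Field name, a run of leader dots, then the (possibly empty) value.
LINE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\.+[ \t]*(?P<value>.*)$")

def parse_whois(text):
    """Return {field: set of lowercased values}; empty values are skipped."""
    record = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, commentary, "Key: value" registry lines
        value = m.group("value").strip().lower()
        if value:
            record.setdefault(m.group("key").strip(), set()).add(value)
    return record

def drift(record, baseline):
    """Return {field: (unexpected, missing)} for every field that differs."""
    report = {}
    for field, expected in baseline.items():
        seen = record.get(field, set())
        if seen != expected:
            report[field] = (sorted(seen - expected), sorted(expected - seen))
    return report

if __name__ == "__main__":
    for field, (extra, gone) in drift(parse_whois(SAMPLE), BASELINE).items():
        print(f"{field}: unexpected={extra} missing={gone}")
```

Run against the constructed sample, this reports the Organisation Name, Admin Email and Name Server fields as changed, while Tech Email matches the baseline once case is normalized.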
Strange, but looks like maybe the top-level nytimes.com domain has been registered as someone else's 'nameserver address' and was serving up the glue record to resolvers that accept this. Maybe something at Melbourne IT was not properly checking that a given nameserver address is within the correct domain. Some sort of AJAX handler would be my first guess.
Steven C. 171 Posts
Aug 28th 2013 8 years ago