Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Was the Brazilian version of Google hijacked two days ago?

ISC reader Renato Marihno wrote in with some interesting observations out of Brazil the last couple of days.  It seems for about 30 minutes on January 3rd, did not point to Google's IP space and the nameservers were set to and  The issue was relatively quickly discovered and corrected but still shows the risk that hijacked registrant account access can be for enterprises.  You can read Renato's write up on LinkedIn.

This is a reminder that if an attacker controls DNS, they control everything. And if they control your domain registrant account, they control DNS.  This attack was crude and easy to discover, but it would be very easy to set of a man-in-the-middle attack using such a technique without a mitigating control like TLS in place.  Make sure your domain registry accounts require two-factor authentication and have strong passwords.

John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity


262 Posts
ISC Handler
Jan 5th 2017
www dot google dot com dot vn

we have seen unusual referrer headers coming from the Vietnamese google locale, over the past 7 days too.
As I'm writing, was redirected to

1 Posts

Sign Up for Free or Log In to start participating in the conversation!