nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Craigslist hacked?

From: George Herbert <george.herbert () gmail com>
Date: Mon, 24 Nov 2014 16:30:20 -0800





On Nov 24, 2014, at 4:18 PM, Randy Epstein <nanog () hostleasing net> wrote:

Actually, he didn’t hack its records either.  He exploited a bug in BIND.



...returned a legit response plus a tacked-on glue record for www.internic.net anytime you queried his nameserver, 
which he tricked people into doing with mixtures of sending you mail, hitting open DNS servers with queries for his 
domain, and another thing I still don't want to talk about.


Paul was more widely quoted and knew his BIND vulnerability better; he can always out-pedant me on this one.

I did get a few press quotes, though.

Your fu is weak, Randyhopper.  Train harder!   ;-)

George William Herbert
Sent from my iPhone
Previous By Date Next
Previous By Thread Next

Current thread: