httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: www.apache.org DNS poisoning
Date Thu, 19 Mar 1998 05:35:43 GMT
Grumble.

I would be more interested in tracking the source of it.  But, if he
restarted the DNS server the records will be gone.

On Wed, 18 Mar 1998, Brian Behlendorf wrote:

> 
> Context: he wrote me asking why he was getting 403's when accessing the
> site.  I looked through the logs and found only valid hits; he looked and
> saw his DNS server were being poisoned through a hole fixed by current
> versions of bind.  Good thing we sign our code distributions; though
> there's even easier ways to corrupt the distributions if you're an official
> apache mirror.  Anyways, just so's ya know.  Maybe we should reiterate the
> use of checking the keys when downloading the distribution; we should
> probably also start signing our binary distributions.
> 
> Or start using SSL only for distribution :)
> 
> 	Brian
> 
> >Delivered-To: brian@hyperreal.org
> >Date: Wed, 18 Mar 1998 23:58:44 -0500 (EST)
> >From: "Justin M. Streiner" <streiner@sgi.net>
> >X-Sender: streiner@lurch.bv.sgi.net
> >Reply-To: streiner@cluebyfour.org
> >To: Brian Behlendorf <brian@hyperreal.org>
> >Subject: Re: access to www.apache.org blocked?
> >
> >On Wed, 18 Mar 1998, Brian Behlendorf wrote:
> >
> >> All through Lynx, all status 200; no 403's.  Were you going through a proxy
> >> server of some sort?
> >
> >No, sir.  However I think I've traced the problem to a DNS server which
> >was still vulnerable to the cache-poisoning exploit (ISC-BIND 4.9.5).  A
> >little digging showed that www.apache.org was redirected to 200.33.54.2,
> >which identifies itself as xiomara.apache.org.mx and xiomara.msg.com.mx.
> >HTTP connections to the document root of that machine return a 403.  I
> >mistakenly assumed the real www.apache.org was returning a 403.  I've seen
> >similar incidents before where high-traffic websites such as
> >www.netscape.com were redirected to some site in Mexico.
> >
> >The affected DNS servers should be patched within the next day or so.
> >Sorry to have bothered you without checking all of the facts beforehand.
> >
> >jms
> >_j_m_streiner_______________________________________________________________
> >sysadmin, News Thug, Net Lackey, Resident BOFH  -  Stargate Industries, LLC.
> >                       mail: streiner at sgi dot net
> >  -- High-volume newsfeeds and news solutions for corporations and ISPs --
> >               mail "streiner-getkey@noc.sgi.net" for PGP Key
> >            Stomp out Internet Spam!  http://spam.abuse.net/spam
> >
> >
> >
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Optimism is a strategy for making                         brian@apache.org
> a better future." - Noam Chomsky                        brian@hyperreal.org
> 


Mime
View raw message