Secunia Was Owned or DNS/domain hijacked?


Today Morning Secunia website was out of service and the reason of this service disruption is a DNS-attack. Many users thought that the website was compromised by hackers but that was not the case, the attack was made on the DNS server by redirecting users attempting to enter Secunia website to Hackers Website IP address.

On the hackers website you can find the following :

Sans have recived some reports from people about this incident they found that the site web located at the following IP address:

$ host www.secunia.com
www.secunia.com is an alias for secunia.com.
secunia.com has address 81.95.49.32
secunia.com mail is handled by 0 secunia.com.

while previously www.secunia.com was at 213.150.41.226.

And by running telnet on the original Secunia’s web site the server is still running:

$ telnet 213.150.41.226 80
Trying 213.150.41.226…
Connected to secunia.com (213.150.41.226).
Escape character is ‘^]’.
GET / HTTP/1.0
Host: secunia.com

HTTP/1.1 200 OK
Date: Thu, 25 Nov 2010 08:46:29 GMT
Server: Apache

This is not the first DNS attack we read about in the news there were a big number of incidents that are related to the DNS record and it is now very important to start using and implementing the DNSSec to protect the DNS servers.

make sure you subscribe to my RSS feed!

Share
You can leave a response, or trackback from your own site.
  • Pingback: A. Vanderslyke

  • Pingback: Seeb

  • Pingback: Mourad ben lakhoua

  • Pingback: Nahuel Grisolia

  • Pingback: Mourad ben lakhoua

  • Pingback: Mourad Ben Lakhoua

  • Pingback: Seeb

  • Pingback: SecureTechnology

  • Pingback: Tweets that mention Secunia Was Owned or DNS/domain hijacked? | SecTechno -- Topsy.com

  • Pingback: Cyber Informer

  • Pingback: Win Security