[outages] nytime.com dns borked

John Kinsella jlk at thrashyour.com
Tue Aug 27 17:18:46 EDT 2013


Confirmed hijacked, but I see different results…

$ dig any nytimes.com

; <<>> DiG 9.8.3-P1 <<>> any nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9289
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;nytimes.com.			IN	ANY

;; ANSWER SECTION:
nytimes.com.		86400	IN	SOA	ns5.boxsecured.com. ssuliman.hotmail.co.uk. 2013082703 86400 7200 3600000 86400
nytimes.com.		14400	IN	MX	0 nytimes.com.
nytimes.com.		14356	IN	A	212.1.211.121
nytimes.com.		86400	IN	NS	ns5.boxsecured.com.
nytimes.com.		86400	IN	NS	ns6.boxsecured.com.

;; AUTHORITY SECTION:
nytimes.com.		86400	IN	NS	ns6.boxsecured.com.
nytimes.com.		86400	IN	NS	ns5.boxsecured.com.

;; ADDITIONAL SECTION:
nytimes.com.		14356	IN	A	212.1.211.121

;; Query time: 93 msec
;; SERVER: 10.10.10.19#53(10.10.10.19)
;; WHEN: Tue Aug 27 14:17:37 2013
;; MSG SIZE  rcvd: 210

On Aug 27, 2013, at 2:09 PM, Grant Ridder <shortdudey123 at gmail.com> wrote:

> I think someone hijacked NYTimes dns...
> 
> http://www.chicagotribune.com/business/technology/chi-new-york-times-website-20130827,0,3415996.story
> 
> 
> Non-authoritative answer:
> Name:    nytimes.com
> Address: 141.105.64.37
> 
> ~~~
> dig any nytimes.com
> 
> ; <<>> DiG 9.8.3-P1 <<>> any nytimes.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15335
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;nytimes.com.            IN    ANY
> 
> ;; ANSWER SECTION:
> nytimes.com.        11560    IN    A    141.105.64.37
> nytimes.com.        5    IN    NS    ns1.syrianelectronicarmy.com.
> nytimes.com.        5    IN    NS    ns2.syrianelectronicarmy.com.
> 
> ;; ADDITIONAL SECTION:
> ns1.syrianelectronicarmy.com. 47 IN    A    141.105.64.37
> ns2.syrianelectronicarmy.com. 47 IN    A    141.105.64.37
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20130827/c295fa33/attachment.htm>


More information about the Outages mailing list