[outages] nytime.com dns borked

George Herbert george.herbert at gmail.com
Tue Aug 27 17:29:08 EDT 2013 

It's been all over the news for hours; yes, it's happening, yes, it appears
to be the Syrian Electronic Army that started it, not clear what the status
is now (things are bouncing somewhat).




On Tue, Aug 27, 2013 at 2:18 PM, John Kinsella <jlk at thrashyour.com> wrote:

> Confirmed hijacked, but I see different results…
>
> $ dig any nytimes.com
>
> ; <<>> DiG 9.8.3-P1 <<>> any nytimes.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9289
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;nytimes.com. IN ANY
>
> ;; ANSWER SECTION:
> nytimes.com. 86400 IN SOA ns5.boxsecured.com. ssuliman.hotmail.co.uk.
> 2013082703 86400 7200 3600000 86400
> nytimes.com. 14400 IN MX 0 nytimes.com.
> nytimes.com. 14356 IN A 212.1.211.121
> nytimes.com. 86400 IN NS ns5.boxsecured.com.
> nytimes.com. 86400 IN NS ns6.boxsecured.com.
>
> ;; AUTHORITY SECTION:
> nytimes.com. 86400 IN NS ns6.boxsecured.com.
> nytimes.com. 86400 IN NS ns5.boxsecured.com.
>
> ;; ADDITIONAL SECTION:
> nytimes.com. 14356 IN A 212.1.211.121
>
> ;; Query time: 93 msec
> ;; SERVER: 10.10.10.19#53(10.10.10.19)
> ;; WHEN: Tue Aug 27 14:17:37 2013
> ;; MSG SIZE  rcvd: 210
>
> On Aug 27, 2013, at 2:09 PM, Grant Ridder <shortdudey123 at gmail.com> wrote:
>
> I think someone hijacked NYTimes dns...
>
>
> http://www.chicagotribune.com/business/technology/chi-new-york-times-website-20130827,0,3415996.story
>
>
> Non-authoritative answer:
> Name:    nytimes.com
> Address: 141.105.64.37
>
> ~~~
> dig any nytimes.com
>
> ; <<>> DiG 9.8.3-P1 <<>> any nytimes.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15335
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;nytimes.com.            IN    ANY
>
> ;; ANSWER SECTION:
> nytimes.com.        11560    IN    A    141.105.64.37
> nytimes.com.        5    IN    NS    ns1.syrianelectronicarmy.com.
> nytimes.com.        5    IN    NS    ns2.syrianelectronicarmy.com.
>
> ;; ADDITIONAL SECTION:
> ns1.syrianelectronicarmy.com. 47 IN    A    141.105.64.37
> ns2.syrianelectronicarmy.com. 47 IN    A    141.105.64.37
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
>
>
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
>


-- 
-george william herbert
george.herbert at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20130827/04129e57/attachment.htm>

More information about the Outages mailing list