[outages] Network Solutions DNS Stuffed?
Frank Bulk (iname.com)
frnkblk at iname.com
Wed Jul 17 11:08:24 EDT 2013
Now posted on their Facebook site: “Network Solutions is experiencing a Distributed Denial of Service (DDOS) attack that is impacting our customers as well as the Network Solutions site. Our technology team is working to mitigate the situation. Please check back for updates.” I don’t have their earlier posting talking about yesterday’s issues.
I also learned from a co-worker (who supports some small banks) about yesterday’s issues that “It was an Islamic group. It sounded like servers were compromised, which led to the compromised web sites.” He either learned this in a news article, or a banking-related security bulletin.
Frank
From: Frank Bulk (iname.com) [mailto:frnkblk at iname.com]
Sent: Wednesday, July 17, 2013 9:53 AM
To: 'Anthony Hook'; Mike Phipps
Cc: OUTAGES Mailing List
Subject: RE: [outages] Network Solutions DNS Stuffed?
More here:
https://www.facebook.com/networksolutions
https://www.networksolutions.com/blog/2013/07/notice-to-customers-who-may-be-experiencing-hosting-issues/ (I can’t currently load that page)
Frank
From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Anthony Hook
Sent: Wednesday, July 17, 2013 9:13 AM
To: Mike Phipps
Cc: OUTAGES Mailing List
Subject: Re: [outages] Network Solutions DNS Stuffed?
I can confirm, perhaps this will also help?
$ dig @ns9.worldnic.com amerigon.com
; <<>> DiG 9.9.2-P1 <<>> @ns9.worldnic.com amerigon.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
[same result for ns10]
------
$ traceroute ns9.worldnic.com
traceroute to ns9.worldnic.com (205.178.190.5), 30 hops max, 60 byte packets
1 gatekeeper.anthonyrhook.com (192.168.1.1) 0.155 ms 0.233 ms 0.321 ms
2 drr01.waus.wi.frontiernet.net (74.42.148.129) 33.632 ms 35.323 ms 36.750 ms
3 static-50-50-0-13.snpr.wi.frontiernet.net (50.50.0.13) 37.787 ms 39.193 ms 40.666 ms
4 xe--5-2-0---0.car01.waus.wi.frontiernet.net (74.40.4.25) 42.414 ms 43.639 ms 45.065 ms
5 xe--10-1-0---0.cor02.chcg.il.frontiernet.net (74.40.4.29) 58.344 ms 59.321 ms 61.221 ms
6 ae1---0.cbr01.chcg.il.frontiernet.net (74.40.4.142) 63.568 ms 43.951 ms 44.024 ms
7 ix-0-3-1-0.tcore2.CT8-Chicago.as6453.net (206.82.141.105) 49.703 ms 49.820 ms 50.184 ms
8 if-22-2.tcore1.CT8-Chicago.as6453.net (64.86.79.2) 50.317 ms 51.601 ms 52.768 ms
9 64.86.78.10 (64.86.78.10) 54.762 ms 56.500 ms 57.942 ms
10 cr2-tengig-0-5-3-0.chd.savvis.net (206.28.96.5) 62.620 ms 63.358 ms 64.576 ms
11 cr1-te-0-13-2-0.dck.savvis.net (204.70.200.90) 86.971 ms 87.690 ms 89.397 ms
12 hr1-tengig-2-0-0.sterling2dc2.savvis.net (204.70.197.74) 67.463 ms 67.602 ms 68.783 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * *^C
On Wed, Jul 17, 2013 at 8:31 AM, Mike Phipps <plstate at gmail.com> wrote:
Hello all, has anyone else noticed that some of the Network Solutions name servers are unresponsive? Take this for example:
AMERIGON.COM has name server entries NS9.WORLDNIC.COM and NS10.WORLDNIC.COM...
$ dig @ns9.worldnic.com amerigon.com
; <<>> DiG 9.8.1-P1 <<>> @ns9.worldnic.com amerigon.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
$ dig @ns10.worldnic.com amerigon.com
; <<>> DiG 9.8.1-P1 <<>> @ns10.worldnic.com amerigon.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
--
- Anthony Hook