[outages] Craigslist DNS Hijacking last night

[Jay Ashworth]

If you operate customer resolver servers, they may be poisoned, still; 
read the message below.

----- Forwarded Message -----
> From: "Ted Cooper" <ml-nanog090304q at elcsplace.com>
> To: nanog at nanog.org
> Sent: Sunday, November 23, 2014 11:08:51 PM
> Subject: Re: Craigslist hacked?
> On 24/11/14 13:41, Brian Henson wrote:
> > Is anyone else seeing their local craigslist redirected to another
> > site
> > other than craigslist? I see it loading
> > http://digitalgangster.com/5um.
> >
> 
> Over on [dns-operations]:
> 
> > On 24/11/14 13:38, Brad Volz wrote:>
> >> The craigslist account at one of our registrars was compromised and
> >> the
> >> NS records migrated away from their rightful home. That issue has
> >> since
> >> been corrected, but the various caches around the Internet are
> >> still
> >> holding the old data.
> >>
> >> If you could take a look at your caches to see if craigslist.org
> >> has the following NS records:
> >>
> >> ns1p.craigslist.org
> >> ns2p.craigslist.org
> >> ns1f.craigslist.org
> >> ns2f.craigslist.org
> >>
> >> If you see something else there, then you have a poisoned cache.
> >>
> >> Thank you for your assistance in this matter.
> >>
> >> Brad Volz
> >> Network Engineer

-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274