[Owasp-delhi] [Owasp-Mumbai] TCS.com -- something wrong.
Parthajit.Panda at gmrgroup.in
Tue Feb 9 02:39:03 EST 2010
The attack so far appears to be a DNS attack. The attack happened at the domain name registrar's end, which is Network Solutions in this case of TCS. Network Solutions is one of the top five domain name registrars on internet, managing almost 6.4 million domains.
From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Muslim Koser
Sent: Monday, February 08, 2010 8:08 PM
To: nileshkumar83 at gmail.com
Cc: owasp-delhi at lists.owasp.org; owasp-mumbai at lists.owasp.org
Subject: Re: [Owasp-delhi] [Owasp-Mumbai] TCS.com -- something wrong.
If this is repeat attack, then, this seems to be serious and it seems twitter kind of attack which happened few weeks back.
Also as DNS servers are targeted, it would be interesting to know whether the servers were owned by TCS or third party. If it was third party then this attack might have affected other companies as well, if its TCS then there will be serious questions of security measures from their side, as it will affect their reputation badly
The repeat of this attack might mean the attack might have been planned and targeted, guess more information will be unfolded in coming days
From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of nileshkumar83 at gmail.com
Sent: 08 February 2010 14:57
To: owasp-delhi at lists.owasp.org; owasp-mumbai at lists.owasp.org
Subject: [Owasp-delhi] [Owasp-Mumbai] TCS.com -- something wrong.
As per Dhruv:
>> The IP address that was resolving against the domain during
>>compromised period was: 220.127.116.11 and now after restoration its:
>>18.104.22.168. So not really network/application attack but DNS/account
The site is again under attack.
The IP of TCS.com is again back to compromised one: 22.214.171.124
The tcs.com<http://tcs.com> displays the following message:
"This Domain name is for sale. Please contact us:
abed_uk at hotmail.com<mailto:abed_uk at hotmail.com>
Looks like DNS attack only.
Thanks & Regards,
Engineer-Security| Honeywell Technology Solutions
Honeywell Technology Solutions Lab
This e-mail contains information which is confidential and/or legally privileged. If you are not the intended recipient , you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please destroy it and notify us by reply e-mail or by telephone. Internet E-mail messages may be subject to delays, non-delivery and unauthorised alterations and we shall not be responsible for the consequence(s) in such event(s). All reasonable precautions have been taken to ensure no viruses are present in this E-mail. We cannot accept responsibility for loss or damage arising from the use of this E-mail or attachments and recommend that you subject these to your virus checking procedures prior to use.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-delhi