[Owasp-Mumbai] TCS.com -- something wrong.

Bhaven T. Haria bhaven.haria at paladion.net
Tue Feb 9 00:21:06 EST 2010


Hello folks,

Any idea how this attack on DNS succeeded? An NS query on tcs.com gives the
following 5 DNS servers:

ns1.tracom.net  internet address = 216.15.130.71
ns2.tracom.net  internet address = 216.15.130.72

ns3.tcs.com     internet address = 203.101.69.159
ns4.tcs.com     internet address = 219.64.33.98
ns5.tcs.com     internet address = 208.44.114.53

3 of them belong to TCS, but 2 belong to a service provider called Tracom.net.

If this was an attack on tracom, then probably other organisations would
also have got affected by the same attack.

Rgds,
Bhaven

On 7 February 2010 18:16, Soi, Dhruv <dhruv.soi at owasp.org> wrote:

> Correct. The IP address that was resolving against the domain during the
> compromised period was: 205.178.152.154 and now after restoration it's:
> 216.15.200.140. So not really a network/application attack but a DNS/account
> compromise.
>
> -----Original Message-----
> From: Yash Kadakia [mailto:teccoder at gmail.com]
> Sent: 07 February 2010 17:53
> To: dhruv.soi at owasp.org; 'Ajay k'; 'Raxit Sheth'; 'BarcampAhmedabad';
> owasp-bangalore at lists.owasp.org; owasp-delhi at lists.owasp.org;
> bangalore_barcamp at yahoogroups.com; 'BarCampMumbai2';
> owasp-mumbai at lists.owasp.org
> Subject: Re: [Owasp-Mumbai] TCS.com -- something wrong.
>
> Dhruv,
>
> I just want to add that based on your description it is not the server but
> the domain registrar or their account there that was probably compromised.
>
> Regards - Yash
> Yash Kadakia
>
> Office: +91-022-23612909
> Office: +1-347-99-ITSEC (+1-347-994-8732)
> Mobile: +91-9833375290
> Blog: http://www.yashkadakia.com/
>
> Sent on my BlackBerry® from Vodafone
>
> -----Original Message-----
> From: "Soi, Dhruv" <dhruv.soi at owasp.org>
> Date: Sun, 7 Feb 2010 17:41:15
> To: 'Ajay k'<ajaykemparaj at gmail.com>; 'Raxit
> Sheth'<raxitsheth2000 at gmail.com>;
> 'BarcampAhmedabad'<barcampahmedabad at googlegroups.com>;
> <owasp-bangalore at lists.owasp.org>; <owasp-delhi at lists.owasp.org>;
> <bangalore_barcamp at yahoogroups.com>;
> 'BarCampMumbai2'<barcampmumbai2 at googlegroups.com>;
> <owasp-mumbai at lists.owasp.org>
> Subject: Re: [Owasp-Mumbai] TCS.com -- something wrong.
>
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>
>