[Owasp-Mumbai] TCS.com -- something wrong.

Yash Kadakia teccoder at gmail.com
Tue Feb 9 03:18:10 EST 2010


FYI
http://infotech.indiatimes.com/News-Software__Services-Hackers_put_TCS_site_On_Sale/articleshow/5548640.cms

 

Also, in regard to the attack, I believe the attack was against Tracom. As
someone mentioned earlier, there were several websites with the same
message/email. If we can get a list of other websites, we can correlate the
DNS servers and confirm the same.

 

Yash Kadakia | chief technology officer
P +91.022.23612909 M +91.98333.75290
P +1.347.994.8732 (ITSEC)
teccoder at gmail.com | www.yashkadakia.com

 

From: Bhaven T. Haria [mailto:bhaven.haria at paladion.net] 
Sent: 09 February 2010 10:51
To: dhruv.soi at owasp.org
Cc: teccoder at gmail.com; Ajay k; Raxit Sheth; BarcampAhmedabad;
owasp-bangalore at lists.owasp.org; owasp-delhi at lists.owasp.org;
bangalore_barcamp at yahoogroups.com; BarCampMumbai2;
owasp-mumbai at lists.owasp.org
Subject: Re: [Owasp-Mumbai] TCS.com -- something wrong.

 

 

Hello folks,

 

Any idea on how this attack on DNS succeeded? An NS query on tcs.com gives
the following 5 DNS servers:

 

ns1.tracom.net  internet address = 216.15.130.71
ns2.tracom.net  internet address = 216.15.130.72

ns3.tcs.com     internet address = 203.101.69.159
ns4.tcs.com     internet address = 219.64.33.98
ns5.tcs.com     internet address = 208.44.114.53

 

3 of them belong to TCS, but 2 belong to a service provider called Tracom.net.

 

If this was an attack on tracom, then probably other organisations would
also have got affected by the same attack.

 

Rgds,

Bhaven

 

On 7 February 2010 18:16, Soi, Dhruv <dhruv.soi at owasp.org> wrote:

Correct. The IP address that was resolving against the domain during the
compromised period was 205.178.152.154, and now after restoration it's
216.15.200.140. So not really a network/application attack but a DNS/account
compromise.


-----Original Message-----
From: Yash Kadakia [mailto:teccoder at gmail.com]
Sent: 07 February 2010 17:53
To: dhruv.soi at owasp.org; 'Ajay k'; 'Raxit Sheth'; 'BarcampAhmedabad';
owasp-bangalore at lists.owasp.org; owasp-delhi at lists.owasp.org;
bangalore_barcamp at yahoogroups.com; 'BarCampMumbai2';
owasp-mumbai at lists.owasp.org
Subject: Re: [Owasp-Mumbai] TCS.com -- something wrong.

Dhruv,

I just want to add that, based on your description, it is not the server but
the domain registrar or their account there that was probably compromised.

Regards - Yash
Yash Kadakia

Office: +91-022-23612909
Office: +1-347-99-ITSEC (+1-347-994-8732)
Mobile: +91-9833375290
Blog: http://www.yashkadakia.com/

Sent on my BlackBerry® from Vodafone


-----Original Message-----
From: "Soi, Dhruv" <dhruv.soi at owasp.org>
Date: Sun, 7 Feb 2010 17:41:15
To: 'Ajay k'<ajaykemparaj at gmail.com>; 'Raxit
Sheth'<raxitsheth2000 at gmail.com>;
'BarcampAhmedabad'<barcampahmedabad at googlegroups.com>;
<owasp-bangalore at lists.owasp.org>; <owasp-delhi at lists.owasp.org>;
<bangalore_barcamp at yahoogroups.com>;
'BarCampMumbai2'<barcampmumbai2 at googlegroups.com>;
<owasp-mumbai at lists.owasp.org>
Subject: Re: [Owasp-Mumbai] TCS.com -- something wrong.

_______________________________________________
OWASP-Mumbai mailing list
OWASP-Mumbai at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-mumbai
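
The correlation suggested at the top of this thread, sketched as an added example (not code from any list member): given NS lookups for each affected site, report third-party nameserver zones and nameserver IPs shared by two or more of them. Only the tcs.com records come from the thread; the other two domains, their records and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

NS_LINE = re.compile(r"^(\S+)\s+internet address = (\d+\.\d+\.\d+\.\d+)\s*$")

# tcs.com lines are quoted from the thread. site-a/site-b and their records
# are constructed placeholders showing what a match would look like.
OBSERVED = {
    "tcs.com": """
ns1.tracom.net  internet address = 216.15.130.71
ns2.tracom.net  internet address = 216.15.130.72
ns3.tcs.com     internet address = 203.101.69.159
ns4.tcs.com     internet address = 219.64.33.98
ns5.tcs.com     internet address = 208.44.114.53
""",
    "site-a.example": """
ns1.tracom.net  internet address = 216.15.130.71
ns2.tracom.net  internet address = 216.15.130.72
""",
    # Vanity NS name that resolves to the same provider address.
    "site-b.example": """
ns1.site-b.example  internet address = 216.15.130.71
ns2.dnshost.example internet address = 198.51.100.7
""",
}

def parse_ns(text):
    """Return [(ns_host, ip)] from nslookup 'internet address' lines."""
    return [m.groups() for m in map(NS_LINE.match, text.splitlines()) if m]

def zone_of(host):
    """Naive parent zone: last two labels (wrong for suffixes like co.in)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def shared_external_ns(observed):
    """Third-party NS zones that serve two or more of the listed domains."""
    by_zone = defaultdict(set)
    for domain, text in observed.items():
        for host, _ip in parse_ns(text):
            if zone_of(host) != zone_of(domain):  # skip in-house nameservers
                by_zone[zone_of(host)].add(domain)
    return {z: sorted(d) for z, d in by_zone.items() if len(d) >= 2}

def shared_ns_ips(observed):
    """NS addresses seen for two or more domains, whatever the NS hostname."""
    by_ip = defaultdict(set)
    for domain, text in observed.items():
        for _host, ip in parse_ns(text):
            by_ip[ip].add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= 2}

if __name__ == "__main__":
    print(shared_external_ns(OBSERVED))
    print(shared_ns_ips(OBSERVED))
```

Comparing by IP as well as by hostname catches sites that publish their own nameserver names on a provider's addresses.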

