It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
By Ian Betteridge
April 5, 2005
A security company has issued a warning over a possible hijacking of the Internet's DNS system, which has resulted in some users being unable to reach some Web sites—instead being redirected to sites maintained by the attackers.
According to the SANS Internet Storm Center, the company first received reports of so-called DNS cache poisoning attacks on March 3 and has been monitoring the problem since then.
The attack compromised servers and were pointed to an incorrect address for the root entries for the entire .com domain, allowing the hijackers to reroute traffic to any server with a .com address.
More than 1,300 domain names were hijacked, including some of those belonging to American Express, H&R Block, Fedex, Wal-Mart and CNN.
Handler on Duty Marcus H. Sachs
April 3rd 2005
After monitoring the situation for several weeks now, it has become apparent that the attacker(s) are changing their methods and toolset to point at different compromised servers in an effort to keep the attacks alive. This attack morphed into a similar attack with different IP addresses that users were re-directed toward. This will be referred to as the third attack and is still ongoing as of April 1, 2005.