
DNS Attack Creator Becomes a Victim of His Own Creation

Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

H D Moore of Metasploit has posted some clarification regarding the story and the misquotes:

In a recent conversation with Robert McMillan (IDG), I described an in-the-wild attack against one of AT&T's DNS cache servers, specifically one that was configured as an upstream forwarder for an internal DNS machine at BreakingPoint Systems. The attackers had replaced the cache entry for www.google.com with a web page that loaded advertisements hidden inside an iframe. This attack affected anyone in the Austin, Texas region using that AT&T Internet Services (previously SBC) DNS server. The attack itself was not malicious, did not load malware, and from an operational standpoint, had zero impact. I contacted the ISP, worked with our IT folks to switch forwarding services, and wrote a cache auditing tool. I found the "wild" attack interesting, so in a conversation with Robert McMillan, I brought up the incident and forwarded the associated logs and notes. Shortly after our conversation, Mr. McMillan published an article with a sensationalist title, that while containing most of the facts, attributed a quote to me that I simply did not say. Specifically, "It's funny," he said. "I got owned."

Read full story: PC World

By CircleID Reporter – CircleID's internal staff reporting on news tips and developing stories.


Re: DNS Attack Creator Becomes a Victim of His Own Creation By Fergie  –  Jul 30, 2008 10:03 am PST

To be fair, HD Moore has written his own account of this interview/article, and takes issue with several points.

- ferg

Thanks By Ali Farshchian  –  Jul 30, 2008 10:25 am PST

We have added an update to the post above as well.
