Home / News I have a News Tip

DNS Attack Creator Becomes a Victim of His Own Creation

Moore, the creator of the popular Metasploit hacking toolkit has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

Some clarification has been posted by H D Moore of Metasploit regarding the story and miss-quotes:

In a recent conversation with Robert McMillan (IDG), I described an in-the-wild attack against one of AT&T's DNS cache servers, specifically one that was configured as an upstream forwarder for an internal DNS machine at BreakingPoint Systems. The attackers had replaced the cache entry for www.google.com with a web page that loaded advertisements hidden inside an iframe. This attack affected anyone in the Austin, Texas region using that AT&T Internet Services (previously SBC) DNS server. The attack itself was not malicious, did not load malware, and from an operational standpoint, had zero impact. I contacted the ISP, worked with our IT folks to switch forwarding services, and wrote a cache auditing tool. I found the "wild" attack interesting, so in a conversation with Robert McMillan, I brought up the incident and forwarded the associated logs and notes. Shortly after our conversation, Mr. McMillan published an article with a sensationalist title, that while containing most of the facts, attributed a quote to me that I simply did not say. Specifically, "It's funny," he said. "I got owned."

Read full story: PC World

Follow CircleID on

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: DNS Attack Creator Becomes a Victim of His Own Creation Fergie  –  Jul 30, 2008 10:03 AM PST

To be fair, HD Moore has written his own account of this interview/article, and takes issue with several points.

- ferg

Thanks Ali Farshchian  –  Jul 30, 2008 10:25 AM PST

We have added an update to the post above as well.

To post comments, please login or create an account.




Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC


Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign


Sponsored byVerisign

New TLDs

Sponsored byAfilias

Brand Protection

Sponsored byAppDetex