blogger counter
Good Luck to the Waterford Hurlers
Alpha IT
Username Password
Eircom confirms DNS compromise

It has been confirmed today by Eircom that their Domain Name Servers (DNS) were indeed compromised last week.

An Eircom spokesperson told siliconrepublic.com, an Irish technology blog, that; "Our initial investigations and what we've seen definitely confirms there was a cache-poisoning attack. This is effectively the redirection of traffic to false websites."

Eircom users have been suffering from slow service and incorrect DNS responses since at least early last week. Many users on Boards.ie continued to report a slow service over the last few days and switching to OpenDNS as the solution to their problems.

The spokesperson further went onto state;

"There was a moderate level attack and as a result of that people were getting redirected to incorrect websites. We took a number of measures – including restrictions on DNS – and they may well have impacted on service levels.

"We strengthened our systems around the filtering of unwanted or suspected traffic within IP ranges and adjusted parameters that control and optimise system performance.

"After we identified the cache poising we also saw increased levels of activities that were worrying and could have been a sign of something bigger.

"It was a moderate level attack that caused irregular and unusual traffic patterns and as a result we took steps that stopped the cache poisoning but certainly as we took these steps on security they also impacted customer experience

"We haven't seen any further attempts at cache poisoning since last week.

"We have stabilised the network and we have also taken a number of steps including installing additional DNS servers. This weekend we are starting an upgrade and replacement of some of our service routers," he told siliconrepublic.com.

"DNS Cache Poisoning" is a malicious situation whereby data sent to a caching Domain Name System server did not originate from authoritative Domain Name System (DNS) resulting in non-authentic data to the clients of the server. Eircom users initially found that when they visited popular websites like Facebook, Bebo and RTE they were redirected to advertising portals with pictures of scantily clad women.
Posted by Kevin on 17th Jul 09 at 21:21



Alpha IT

Alpha IT
© Copyright Alpha IT Solutions | Links
Alpha IT