.RoTLD Confirms DNS Admin Servers Hack

The administrator of Romania’s top level domain has confirmed a successful attack against its domain server administration infrastructure took place on the night of November 27/28. Forensic analysis is ongoing and results will be published at a later date.

The hack (which we have covered here before) saw domains from companies such as Google, Yahoo and Kaspersky redirected to a defacement page hosted on a (possibly compromised) server in the Netherlands.

The attackhad  managed to poison DNS cache servers of all Romanian internet service providers, as well as some of the international public DNS servers, including the Google DNS (8.8.8.8 and 8.8.4.4) as they cache the DNS resolution sent by RoTLD to speed up the resolution process when other similar requests are made and RoTLD servers are, of course, authoritative for .ro domains.

One Response to .RoTLD Confirms DNS Admin Servers Hack


Leave a Reply

Your email address will not be published. Required fields are marked *