
by Dancho Danchev
July 30th, 2008 @ 8:08 am
A week after |)ruid and HD Moore released part 2 of the DNS exploit, HD Moore’s company BreakingPoint suffered a traffic redirection to a rogue Google site, thanks to the already poisoned cache at the AT&T servers to which his company was forwarding DNS traffic:
“It happened on Tuesday morning, when Moore’s company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what’s known as a cache poisoning attack on a DNS server on AT&T’s network that was serving the Austin, Texas area.
One of BreakingPoint’s servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore’s company. When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.”
Moreover, last month, before the latest DNS cache poisoning vulnerability and its exploits appeared, the Metasploit Project’s site was temporarily hijacked through ARP poisoning, demonstrating that old-fashioned DNS attacks remain effective.