It is all over the news today that Twitter was hacked by a DNS redirection/hijacking.
My question is, what tools or techniques do you guys use to monitor your DNS/whois and detect this kind of attack?
-
I run the Sucuri monitor (free) and it alerts me whenever the DNS/Whois is changed.
I have been monitoring twitter, facebook and other big sites for a while and that's the alert I got:
Sucuri nbim: twitter.com DNS modified
Modifications: 3a4
< twitter.com has address 128.121.146.100
< twitter.com has address 168.143.162.52
> twitter.com has address 66.147.242.88
--- This alert was generated by the Sucuri Network Integrity Monitor. Log in to your dashboard at http://sucuri.net.
But this is just a first line of defense/visibility to react faster. If you host your own DNS, you could do a FIM (file integrity monitor) to detect changes on it...
*Posting what I do in here so as not to affect other answers. Plus, for the sake of full disclosure, I wrote the Sucuri monitor :)
Jeff Atwood : while asking and answering your own question is explicitly allowed, I think you should have waited a day or two for actual responses in this case.
From sucuri
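A minimal version of the baseline-and-diff check the answer above describes, as an added example (not Sucuri's code and not part of the original post). The function names and the state-file path are assumptions, and it only watches A records through the system resolver, one state file per monitored name.

```python
import json
import socket
from pathlib import Path

def resolve_a(name):
    """Return the current IPv4 addresses for name as a sorted list (live lookup)."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def diff_records(baseline, current):
    """Compare address lists as sets, so round-robin reordering is not a change."""
    old, new = set(baseline), set(current)
    return sorted(old - new), sorted(new - old)

def format_alert(name, removed, added):
    """Render a change in the '<' removed / '>' added style of the alert above."""
    lines = [f"{name} DNS modified"]
    lines += [f"< {name} has address {ip}" for ip in removed]
    lines += [f"> {name} has address {ip}" for ip in added]
    return "\n".join(lines)

def check(name, state_file, resolver=resolve_a):
    """Compare live answers to the stored baseline; return alert text or None.

    The baseline is written only on the first run. After an alert it is left
    untouched, so a hijacked answer never silently becomes the known-good state.
    """
    path = Path(state_file)
    current = resolver(name)
    if not path.exists():
        path.write_text(json.dumps(current))
        return None
    baseline = json.loads(path.read_text())
    removed, added = diff_records(baseline, current)
    if not removed and not added:
        return None
    return format_alert(name, removed, added)

if __name__ == "__main__":
    import sys
    # Hypothetical usage: python dns_watch.py example.com (run from cron)
    alert = check(sys.argv[1], "dns_baseline.json")
    if alert:
        print(alert)
```

Names served from a CDN or with geo-dependent answers will change legitimately, so the baseline for those needs to be a set of allowed addresses rather than a single snapshot.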