2

It is all over the news today that Twitter was hacked by a DNS redirection/hijacking.

My question is, what tools or techniques do you guys use to monitor your DNS/whois and detect this kind of attack?

sucuri

1 Answer

3

I run the Sucuri monitor (free) and it alerts me whenever the DNS/Whois is changed.

I have been monitoring Twitter, Facebook and other big sites for a while and that's the alert I got:

Sucuri nbim: twitter.com DNS modified

Modifications: 3a4
< twitter.com has address 128.121.146.100
< twitter.com has address 168.143.162.52
> twitter.com has address 66.147.242.88

--- This alert was generated by the Sucuri Network Integrity Monitor. Log in to your dashboard at http://sucuri.net.

But this is just a first line of defense/visibility to react faster. If you host your own DNS, you could do a FIM (file integrity monitor) to detect changes on it...

*Posting what I do in here so as not to affect other answers. Plus, for the sake of full disclosure, I wrote the Sucuri monitor :)*

sucuri
  • while asking and answering your own question is explicitly allowed, I think you should have waited a day or two for actual responses in this case. – Jeff Atwood Dec 19 '09 at 11:02
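
The kind of check the answer describes, as an added example that is not part of the original post and not the Sucuri monitor's code: it compares two saved snapshots of `host` output for a name and reports changed address records as sets, so that round-robin reordering does not raise an alert. The function names and the snapshot strings are assumptions made for this sketch; the addresses are the ones shown in the alert above.

```python
import re

# Lines look like the `host` output quoted in the alert above.
HOST_LINE = re.compile(r"^(\S+) has (address|IPv6 address) (\S+)$")

def parse_host_output(text):
    """Return the set of (name, rtype, value) address records in `host`-style output."""
    records = set()
    for line in text.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:
            name, kind, value = m.groups()
            rtype = "A" if kind == "address" else "AAAA"
            records.add((name.lower().rstrip("."), rtype, value.lower()))
    return records

def diff_records(baseline, current):
    """Compare as sets so a reordered answer is not reported as a change."""
    return sorted(baseline - current), sorted(current - baseline)

def check(name, baseline_text, current_text):
    """Return an alert string if the address records changed, otherwise None."""
    baseline = parse_host_output(baseline_text)
    current = parse_host_output(current_text)
    if not current:
        # Empty answer: resolver failure or records removed; alert either way.
        return f"{name} DNS lookup returned no address records"
    removed, added = diff_records(baseline, current)
    if not removed and not added:
        return None
    lines = [f"{name} DNS modified"]
    lines += [f"< {n} {t} {v}" for n, t, v in removed]
    lines += [f"> {n} {t} {v}" for n, t, v in added]
    return "\n".join(lines)

# Constructed snapshots; the mail line is made up and is ignored by the parser.
BASELINE = """twitter.com has address 128.121.146.100
twitter.com has address 168.143.162.52
twitter.com mail is handled by 10 mx.example.invalid.
"""
REORDERED = """twitter.com has address 168.143.162.52
twitter.com has address 128.121.146.100
"""
CHANGED = "twitter.com has address 66.147.242.88\n"

if __name__ == "__main__":
    print(check("twitter.com", BASELINE, REORDERED))  # unchanged record set
    print(check("twitter.com", BASELINE, CHANGED))
```

Querying through more than one resolver, or the zone's authoritative servers directly, before alerting helps separate a poisoned cache from a change at the registrar or DNS provider.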