[kictanet] Has Kenya Police Website been Hacked?
McTim
dogwallah at gmail.com
Thu Jan 6 17:31:29 EAT 2011
On Thu, Jan 6, 2011 at 12:00 PM, Odhiambo Washington <odhiambo at gmail.com> wrote:
>
>
> On Thu, Jan 6, 2011 at 11:23 AM, Muchiri Nyaggah <muchiri at semacraft.com>
> wrote:
>>
>> The nameservers were simply an entertaining detour.
and puck has provided free secondary service for a long time as well,
nothing sinister there.
Deathstar.org is a
>> very old domain and like someone pointed out, in the 90's coming up with
>> creative eyebrow-raising names was cool. Now we read anything in everything
>> :)
>> Is there overlap between what the ICT board does and the GITS department
>> at Treasury where public sector ICT policy is concerned? Who would
>> ultimately be responsible for responding to breaches of this nature on
>> government IT infrastructure?
I've no idea.
>>
>
> Wait a moment! Was the server where www.kenyapolice.go.ke was hosted on govt
> IT infrastructure?
>
> gw# dig www.kenyapolice.go.ke +short
> 62.24.109.6
> gw# dig -x 62.24.109.6 +short
> g-3-3-0-core-as12455.telkom.co.ke.
>
> So, the IP is obtained from Telkom. A whois lookup shows the block in which
> it belongs as not delegated so I can't tell whether the website is hosted on
> Telkom's equipment or govt equipment.
Of course, it should be listed as assigned to a customer, UNLESS, it's
counted as part of Telkom hosting infrastructure, which is quite
possible from this dig:
$dig 109.24.62.in-addr.arpa
; <<>> DiG 9.3.2 <<>> 109.24.62.in-addr.arpa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1141
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;109.24.62.in-addr.arpa. IN A
;; AUTHORITY SECTION:
109.24.62.in-addr.arpa. 10800 IN SOA dns1.jambonet.co.ke.
hostmaster.jambonet.co.ke. 2008082827 10800 3600 1209600 172800
;; Query time: 156 msec
;; SERVER: 196.200.16.2#53(196.200.16.2)
;; WHEN: Thu Jan 06 17:23:36 2011
;; MSG SIZE rcvd: 106
> It would be nice to know who has custody of the server that was compromised,
> in order to answer the question posed by Muchiri on
> "Who would ultimately be responsible for responding to breaches of this
> nature on government IT infrastructure?"
Call it Telkom IMHO.
--
Cheers,
McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there." Jon Postel
More information about the KICTANet
mailing list