Sunbeltblog comments

...and how would that be ironic, Alex?


It's ironic because Metasploit bills itself as an "Open-source platform for developing, testing, and using exploit code".

Too funny


Yeah, what Steve said.

Incidentally, this was done through ARP poisoning.


Yup. Another customer on the same ISP was compromised and used to ARP poison all servers in that subnet. I corrected the problem by setting a static ARP entry and notifying the ISP. To make it very clear -- the metasploit.com servers were not compromised, nor have been to this date.


Cool, thanks for that HD.


Hmmmm, I wonder if they should add an ARP poisoning module?


Stupid question, but if the server was not compromised, what was the ARP poison used for? If it wasn't used to capture credentials to the metasploit.com servers, was it just used to somehow redirect users to the compromised servers?


It was just used to "deface" metasploit.com for glory -- we don't offer any non-encrypted authentication services anyways.


Data centers should use private VLANs for their customers and encrypt the traffic.


thank you


Bullshit, you were hacked.


Actually, they owned the ARP entry that resolves to the metasploit website's IP.

I would say that you must not trust binaries that have been downloaded during the attack and you should check hashes now.
If they owned the ARP entry, they could have mirrored the website, and compromised binaries.

Also, setting a static ARP entry on this host might not be a solution, as the entry must be statically set in the ISP router to be really trusted…

Regards
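
A check along the lines of the static ARP entry discussed in the comments above, as an added example that is not part of the original thread: it parses Linux `ip neigh show` output and flags a pinned address whose MAC has changed or is not static, and any MAC answering for several IPs. The addresses, MACs and pinned gateway value are constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show` output (documentation IPs, made-up MACs).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.10 dev eth0 lladdr 02:aa:bb:cc:dd:01 STALE
192.0.2.11 dev eth0 lladdr 02:aa:bb:cc:dd:02 REACHABLE
192.0.2.12 dev eth0 FAILED
"""
# Same table while a neighbour answers for the gateway address (constructed).
SAMPLE_POISONED = SAMPLE_NEIGH.replace("00:11:22:33:44:55", "02:aa:bb:cc:dd:02")

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})(?: \S+)* (\S+)$")

def parse_neigh(text):
    """Return {ip: (mac, state)} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ip, _dev, mac, state = m.groups()
            table[ip] = (mac.lower(), state)
    return table

def check_arp(text, pinned):
    """Compare the table with pinned IP->MAC pairs; return a list of findings."""
    table = parse_neigh(text)
    findings = []
    for ip, want in pinned.items():
        entry = table.get(ip)
        if entry is None:
            findings.append(("missing", ip, None))
        elif entry[0] != want.lower():
            findings.append(("mismatch", ip, entry[0]))
        elif entry[1] != "PERMANENT":  # a dynamic entry can still be overwritten
            findings.append(("not-static", ip, entry[0]))
    # One MAC answering for several IPs can indicate poisoning
    # (also seen with proxy ARP or hosts that hold several addresses).
    by_mac = {}
    for ip, (mac, _state) in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    pinned = {"192.0.2.1": "00:11:22:33:44:55"}  # hypothetical known-good gateway MAC
    for finding in check_arp(SAMPLE_POISONED, pinned):
        print(finding)
```

As the comment notes, a check like this on one host only covers that host's view; the router's own mapping for the server has to be pinned by the ISP.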


thank you


hohoho



