nanog mailing list archives

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)


From: jamie rishaw <j () arpa com>
Date: Thu, 20 Jun 2013 17:51:44 -0500

No.

The ztomy nameservers appeared in this morning's master .COM zonefile as
/authoritative/ for the number of domains I mentioned.

It is a clear change from just a couple of days ago, when the listed
nameservers were nowhere to be seen.

I have solid data to back this up, straight from Verisign GRS (Verisign),
the authoritative registry for .COM, .NET and others.

j



On Thu, Jun 20, 2013 at 4:10 PM, Carsten Bormann <cabo () tzi org> wrote:

Wild speculation:

netsol says this is a human error incurred during DDOS mitigation.
ztomy.com is a wild-card DNS provider that seems to use prolexic.
Now imagine someone at netsol or its DDOS service providers
fat-fingered their DDOS-averting routing in such a way that netsol
DNS traffic arrived at ztomy.com instead of a netsol server.
The ztomy.com server would know how to answer the queries...

I have no data to base this speculation on.

Greetings, Carsten





-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs
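
An added example, not part of the original thread or of any poster's tooling: one way to check for the kind of change described in the first message, by diffing two zone-file snapshots for nameservers that were absent from the older snapshot and now serve domains that were already delegated. The simplified "owner NS target" layout, all names, and the `min_domains` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample snapshots in a simplified "owner NS target" layout
# (assumed format; names are placeholders, not data from the thread).
OLD_SNAPSHOT = """\
ALPHA NS NS1.REGISTRAR-DNS.EXAMPLE.
ALPHA NS NS2.REGISTRAR-DNS.EXAMPLE.
BRAVO NS NS1.REGISTRAR-DNS.EXAMPLE.
CHARLIE NS NS1.OTHERHOST.EXAMPLE.
"""
NEW_SNAPSHOT = """\
ALPHA NS NS1.UNEXPECTED-DNS.EXAMPLE.
ALPHA NS NS2.UNEXPECTED-DNS.EXAMPLE.
BRAVO NS NS1.UNEXPECTED-DNS.EXAMPLE.
CHARLIE NS NS1.OTHERHOST.EXAMPLE.
DELTA NS NS9.NEWCUSTOMER.EXAMPLE.
"""

def parse_delegations(text):
    """Map each delegated name to its set of NS targets (case-folded)."""
    zone = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        # Accept "owner NS target" with optional TTL/class in between.
        if len(fields) >= 3 and "NS" in (f.upper() for f in fields[1:-1]):
            zone[fields[0].lower()].add(fields[-1].lower().rstrip("."))
    return zone

def newly_seen_nameservers(old, new, min_domains=2):
    """Nameservers absent from the old snapshot that now serve existing
    domains whose NS set changed; returns {nameserver: sorted domains}."""
    known = set().union(*old.values())
    moved = defaultdict(set)
    for domain, ns_set in new.items():
        if domain in old and ns_set != old[domain]:
            for ns in ns_set - known:
                moved[ns].add(domain)
    return {ns: sorted(d) for ns, d in moved.items() if len(d) >= min_domains}

def report():
    old, new = parse_delegations(OLD_SNAPSHOT), parse_delegations(NEW_SNAPSHOT)
    return newly_seen_nameservers(old, new)

if __name__ == "__main__":
    for ns, domains in sorted(report().items()):
        print(f"{ns}: {len(domains)} re-delegated domains: {', '.join(domains)}")
```

Newly registered domains (here the constructed `DELTA`) are skipped on purpose, so only re-delegations of existing names are counted.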

