Re: Need help in flushing DNS

[Paul Ferguson <fergdawgster () gmail com>]

I have no knowledge of any DDoS -related activity involving Yelp! and
Prolexic. Even if there is one, the fact that their DNS records have
been poisoned has not direct relationship to any current DDoS (there
isn't one that I am aware of).

- ferg


On Thu, Jun 20, 2013 at 12:31 AM, Andree Toonk <andree+nanog () toonk nl> wrote:

> .-- My secret spy satellite informs me that at 2013-06-19 10:34 PM  Paul
> Ferguson wrote:
>
> >  ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
> <SNIP>
> >  ;; ANSWER SECTION:
> >  yelp.com. 300 IN A 204.11.56.20
>
> Interesting to see that traffic to this IP addresses is going through
> prolexic...
> I guess they're considering this as a DOS.
>
> andree@bofh:~/src$ traceroute  204.11.57.20
> traceroute to 204.11.57.20 (204.11.57.20), 64 hops max, 52 byte packets
>  1  10.200.200.200 (10.200.200.200)  17.089 ms  13.144 ms  13.552 ms
>  2  67.215.89.1 (67.215.89.1)  20.963 ms  15.371 ms  17.026 ms
>  3  67.215.93.14 (67.215.93.14)  20.486 ms  14.458 ms  16.917 ms
>  4  ge-0-7-0-5.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.145)  19.449
> ms  19.375 ms  15.274 ms
>  5  ae-2.prolexic.snjsca04.us.bb.gin.ntt.net (128.241.219.242)  17.107
> ms  23.272 ms  16.019 ms
>  6  209.200.184.34 (209.200.184.34)  14.878 ms  19.062 ms  15.776 ms
>  7  unknown.prolexic.com (72.52.30.126)  67.871 ms  64.376 ms  66.988 ms
>  8  domain.not.configured (204.11.57.20)  71.729 ms  65.830 ms  67.823 ms
>
>
> Reflection attacks are so yesterday...
>
> Cheers,
>  Andree



--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com