[161967] in North American Network Operators' Group
BGP hijack of Spamhaus?
daemon@ATHENA.MIT.EDU (Nicolai)
Fri Mar 29 14:05:51 2013
Date: Fri, 29 Mar 2013 13:05:36 -0500
From: Nicolai <nicolai-nanog@chocolatine.org>
To: nanog@nanog.org
Hi all,
Regarding the Spamhaus DDoS attack, there's a Cisco article [0]
detailing its chronology, which cites greenhost.nl [1] claiming a BGP
hijack by AS34109 (CB3ROB). Here, a /32 was announced (and accepted...)
for 0.ns.spamhaus.org, and the fraudulent server returned 127.0.0.2 for
*all* DNSBL queries, with the intent to undermine confidence in
Spamhaus.
Are there any confirmations of this claim? This needs to be
investigated and proven/disproven.
Nicolai
0. http://blogs.cisco.com/security/chronology-of-a-ddos-spamhaus/
1. https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/
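
A resolver-side sanity check for the behaviour described in the message above (a server answering 127.0.0.2 for every DNSBL query), added here as an example and not part of the original post. It relies on the RFC 5782 convention that a DNSBL lists 127.0.0.2 as a test entry and never lists 127.0.0.1; the zone `dnsbl.example`, the function names and the two sample resolvers are constructed for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # placeholder zone, not a real DNSBL

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(qname):
    """Live resolver: A records for qname, [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def check_zone_sanity(zone, resolve):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    if resolve(dnsbl_qname("127.0.0.1", zone)):
        return "lists-everything"   # what a catch-all answer looks like
    if not resolve(dnsbl_qname("127.0.0.2", zone)):
        return "lists-nothing"      # zone empty, unreachable or blocked
    return "ok"

def lookup(ip, zone, resolve=system_resolve):
    """Return listing codes, or None when the zone fails the sanity check
    so the caller can skip this DNSBL instead of rejecting mail on it."""
    if check_zone_sanity(zone, resolve) != "ok":
        return None
    return resolve(dnsbl_qname(ip, zone))

# Constructed sample data: a well-behaved zone with one listed address.
HEALTHY = {
    "2.0.0.127." + ZONE: ["127.0.0.2"],
    "10.2.0.192." + ZONE: ["127.0.0.4"],
}

def healthy(qname):
    return HEALTHY.get(qname, [])

def hijacked(qname):
    # Constructed stand-in for a server that answers 127.0.0.2 to every query.
    return ["127.0.0.2"]

if __name__ == "__main__":
    for name, resolver in (("healthy", healthy), ("hijacked", hijacked)):
        print(name, check_zone_sanity(ZONE, resolver),
              lookup("192.0.2.99", ZONE, resolver))
```

This catches only the catch-all answer pattern at the DNS layer; it says nothing about which origin AS is announcing the nameserver's prefix.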