[163887] in North American Network Operators' Group


Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

daemon@ATHENA.MIT.EDU (Carsten Bormann)
Thu Jun 20 17:11:05 2013

From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAAAwwbUnSTR2Z0nDMmVgqHFj_T+svLzerAG+MTcXhQqOm+Xveg@mail.gmail.com>
Date: Thu, 20 Jun 2013 23:10:30 +0200
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Wild speculation:

netsol says this is a human error incurred during DDOS mitigation.
ztomy.com is a wild-card DNS provider that seems to use prolexic.
Now imagine someone at netsol or its DDOS service providers
fat-fingered their DDOS-averting routing in such a way that netsol
DNS traffic arrived at ztomy.com instead of a netsol server.
The ztomy.com server would know how to answer the queries...

I have no data to base this speculation on.

Grüße, Carsten


