[163888] in North American Network Operators' Group

RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

daemon@ATHENA.MIT.EDU (Gabor Tokaji)
Thu Jun 20 17:26:11 2013

From: Gabor Tokaji <gabor@logmein.com>
To: NANOG list <nanog@nanog.org>
Date: Thu, 20 Jun 2013 21:23:13 +0000
In-Reply-To: <B1B4AB79-E4B4-4FEE-B4CB-8E29C1B50A2B@tzi.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hello everyone, I'm new here.
+1 to this theory. I've been watching what's happening since 3am Eastern, because a domain of mine (of the many at NetSol) was a victim of this event.

-Gabor

-----Original Message-----
From: Carsten Bormann [mailto:cabo@tzi.org]
Sent: Thursday, June 20, 2013 5:11 PM
To: NANOG list
Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

Wild speculation:

netsol says this is a human error incurred during DDOS mitigation.
ztomy.com is a wild-card DNS provider that seems to use prolexic.
Now imagine someone at netsol or its DDOS service providers fat-fingered their DDOS-averting routing in such a way that netsol DNS traffic arrived at ztomy.com instead of a netsol server.
The ztomy.com server would know how to answer the queries...

I have no data to base this speculation on.

Grüße, Carsten



