[163900] in North American Network Operators' Group

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

daemon@ATHENA.MIT.EDU (jamie rishaw)
Thu Jun 20 19:12:57 2013

In-Reply-To: <B1B4AB79-E4B4-4FEE-B4CB-8E29C1B50A2B@tzi.org>
Date: Thu, 20 Jun 2013 17:51:44 -0500
From: jamie rishaw <j@arpa.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

No.

The ztomy nameservers appeared in this morning's master .COM zonefile as
/authoritative/ for the number of domains I mentioned.

It is a clear change from just a couple of days ago, when the listed
nameservers were nowhere to be seen.

I have solid data to back this up, straight from Verisign GRS (Verisign),
the authoritative registry for .COM, .NET and others.

j



On Thu, Jun 20, 2013 at 4:10 PM, Carsten Bormann <cabo@tzi.org> wrote:

> Wild speculation:
>
> netsol says this is a human error incurred during DDOS mitigation.
> ztomy.com is a wild-card DNS provider that seems to use prolexic.
> Now imagine someone at netsol or its DDOS service providers
> fat-fingered their DDOS-averting routing in such a way that netsol
> DNS traffic arrived at ztomy.com instead of a netsol server.
> The ztomy.com server would know how to answer the queries...
>
> I have no data to base this speculation on.
>
> Grüße, Carsten
>
>
>


--
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs
