Need help in flushing DNS
Paul Ferguson
fergdawgster at gmail.com
Thu Jun 20 07:38:53 UTC 2013
I have no knowledge of any DDoS -related activity involving Yelp! and
Prolexic. Even if there is one, the fact that their DNS records have
been poisoned has not direct relationship to any current DDoS (there
isn't one that I am aware of).
- ferg
On Thu, Jun 20, 2013 at 12:31 AM, Andree Toonk <andree+nanog at toonk.nl> wrote:
> .-- My secret spy satellite informs me that at 2013-06-19 10:34 PM Paul
> Ferguson wrote:
>
>> ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
> <SNIP>
>> ;; ANSWER SECTION:
>> yelp.com. 300 IN A 204.11.56.20
>
> Interesting to see that traffic to this IP addresses is going through
> prolexic...
> I guess they're considering this as a DOS.
>
> andree at bofh:~/src$ traceroute 204.11.57.20
> traceroute to 204.11.57.20 (204.11.57.20), 64 hops max, 52 byte packets
> 1 10.200.200.200 (10.200.200.200) 17.089 ms 13.144 ms 13.552 ms
> 2 67.215.89.1 (67.215.89.1) 20.963 ms 15.371 ms 17.026 ms
> 3 67.215.93.14 (67.215.93.14) 20.486 ms 14.458 ms 16.917 ms
> 4 ge-0-7-0-5.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.145) 19.449
> ms 19.375 ms 15.274 ms
> 5 ae-2.prolexic.snjsca04.us.bb.gin.ntt.net (128.241.219.242) 17.107
> ms 23.272 ms 16.019 ms
> 6 209.200.184.34 (209.200.184.34) 14.878 ms 19.062 ms 15.776 ms
> 7 unknown.prolexic.com (72.52.30.126) 67.871 ms 64.376 ms 66.988 ms
> 8 domain.not.configured (204.11.57.20) 71.729 ms 65.830 ms 67.823 ms
>
>
> Reflection attacks are so yesterday...
>
> Cheers,
> Andree
>
>
--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com
More information about the NANOG
mailing list