Can anyone shed some light as to what is happening with Register.com?
Christopher Morrow
morrowc.lists at gmail.com
Thu Apr 2 13:50:00 UTC 2009
On Thu, Apr 2, 2009 at 2:40 AM, Steve Pirk <orion at pirk.com> wrote:
> On Wed, 1 Apr 2009, Steve Pirk wrote:
>
>> On Wed, 1 Apr 2009, Steven M. Bellovin wrote:
>>
>>> On Wed, 1 Apr 2009 17:10:24 -0500
>>> Erich Kolb <ekolb at kolbsoft.com> wrote:
>>>
>>>> Looks like they are having some serious issues. It doesn't appear
>>>> that any of their domains are resolving. Hosted or otherwise.
>>>>
>>> Hmm -- UltraDNS was attacked; I wonder if there's a connection.
>>> http://blogs.zdnet.com/BTL/?p=15601
>>>
>>>
>>> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>>>
>>
>> A few weeks ago, there was tons of dns pounding all over the net.
>> Today, we see registrars going dark because of dns issues.
>> Today, people think Conficker will "do" something.
>> I am puzzled. Maybe it is just 04/01 paranoia?
>
> Thought of one more thing...
>
> Wasn't Conficker also configured to try and register a ton of randomly
s/register/lookup/
it's likely that more domains go through the grist-mill of
domain-tasting each hour than conficker's creators would 'register'
each day.
> generated domains? Two registrars go dark today?
I noticed yesterday that Register.com's (some of register's) customer
domain-hosting ips (dnsXXX.Z.register.com) were routing via prolexic's
infrastructure in FLA... Perhaps the plan was to migrate things over
to prolexic, deal with the 'attack' and then service real customer
requests from there?
$ tr dns044.b.register.com.
...
4 0.ge-5-2-0.BR2.IAD8.ALTER.NET (152.63.32.161) 5 ms 5 ms 5 ms
5 64.212.107.157 (64.212.107.157) 7 ms 7 ms 7 ms
6 WBS-Connect-Miami.TenGigabitEthernet2-4.1121.ar1.
(207.138.122.214) 38 ms 37 ms 37 ms
7 blackhole.prolexic.com (209.200.132.34) 38 ms 37 ms 37 ms
8 * * *
9 * * *
10 * * *
11 unknown.prolexic.com (209.200.168.54) 36 ms !A * 37 ms !A
-chris
More information about the NANOG
mailing list