This is a coordinated hacking. (Was Re: Need help in flushing DNS)
jamie rishaw
j at arpa.com
Thu Jun 20 22:51:44 UTC 2013
No.
The ztomy nameservers appeared in this morning's master .COM zonefile as
/authoritative/ for the number of domains I mentioned.
It is a clear change from just a couple of days ago, when the listed
nameservers were nowhere to be seen.
I have solid data to back this up, straight from Verisign GRS (Verisign),
the authoritative registry for .COM, .NET and others.
j
On Thu, Jun 20, 2013 at 4:10 PM, Carsten Bormann <cabo at tzi.org> wrote:
> Wild speculation:
>
> netsol says this is a human error incurred during DDOS mitigation.
> ztomy.com is a wild-card DNS provider that seems to use prolexic.
> Now imagine someone at netsol or its DDOS service providers
> fat-fingered their DDOS-averting routing in such a way that netsol
> DNS traffic arrived at ztomy.com instead of a netsol server.
> The ztomy.com server would know how to answer the queries...
>
> I have no data to base this speculation on.
>
> Grüße, Carsten
>
>
>
--
Jamie Rishaw // .com.arpa at j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs
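
Added example, not part of the original message or thread: one way to check an observation like the one above is to diff the NS delegations in two zone-file snapshots and list the domains whose nameserver set changed to servers under a watched suffix. The snapshot contents, domain names and the wildcard-dns.example suffix are constructed, and the parser assumes a simplified one-record-per-line layout with the owner name on every line.

```python
# Added example: diff NS delegations between two zone-file snapshots.
from collections import defaultdict

def parse_delegations(zone_text, origin="COM."):
    """Return {domain: frozenset(nameservers)} from the NS lines of a snapshot."""
    def fqdn(name):
        # Names without a trailing dot are relative to the zone origin.
        name = name.upper()
        return name if name.endswith(".") else f"{name}.{origin}"
    deleg = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        # "<owner> [ttl] [class] NS <target>"; directives and other types are skipped.
        if len(fields) >= 3 and "NS" in (f.upper() for f in fields[1:-1]):
            deleg[fqdn(fields[0])].add(fqdn(fields[-1]))
    return {d: frozenset(ns) for d, ns in deleg.items()}

def changed_delegations(old, new, watch_suffix):
    """Domains whose NS set changed and now includes a server under watch_suffix."""
    watch = watch_suffix.upper().rstrip(".") + "."
    hits = {}
    for domain, ns_new in new.items():
        ns_old = old.get(domain, frozenset())
        moved = any(n == watch or n.endswith("." + watch) for n in ns_new)
        if ns_new != ns_old and moved:
            hits[domain] = (sorted(ns_old), sorted(ns_new))
    return hits

# Constructed sample snapshots (not real zone data).
OLD_SNAPSHOT = """\
$ORIGIN COM.
EXAMPLE-SHOP NS NS1.REGISTRAR-DNS.EXAMPLE.
EXAMPLE-SHOP NS NS2.REGISTRAR-DNS.EXAMPLE.
EXAMPLE-BLOG NS NS1.HOSTING-CO
"""
NEW_SNAPSHOT = """\
$ORIGIN COM.
EXAMPLE-SHOP NS NS1.WILDCARD-DNS.EXAMPLE.
EXAMPLE-SHOP NS NS2.WILDCARD-DNS.EXAMPLE.
EXAMPLE-BLOG NS NS1.HOSTING-CO
"""

if __name__ == "__main__":
    old = parse_delegations(OLD_SNAPSHOT)
    new = parse_delegations(NEW_SNAPSHOT)
    for domain, (before, after) in changed_delegations(
            old, new, "wildcard-dns.example").items():
        print(f"{domain}: {before} -> {after}")
```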