29 Mar
2013
2:05 p.m.
Hi all,

Regarding the Spamhaus DDoS attack, there's a Cisco article [0] detailing its chronology, which cites greenhost.nl [1] claiming a BGP hijack by AS34109 (CB3ROB). Here, a /32 was announced (and accepted...) for 0.ns.spamhaus.org, and the fraudulent server returned 127.0.0.2 for *all* DNSBL queries, with the intent to undermine confidence in Spamhaus.

Are there any confirmations of this claim? This needs to be investigated and proven/disproven.

Nicolai

[0] http://blogs.cisco.com/security/chronology-of-a-ddos-spamhaus/
[1] https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/
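The behaviour described in the message above (a server answering 127.0.0.2 for every DNSBL query) can be caught on the consumer side with the RFC 5782 test entries: an IPv4 DNSBL must list 127.0.0.2 and must not list 127.0.0.1. The sketch below is an added example, not part of the original post; the zone name `dnsbl.example` and both responder functions are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Resolve through the system resolver; any resolution failure counts as 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_dnsbl(zone, lookup=system_lookup):
    """Classify a DNSBL using the RFC 5782 test entries.

    127.0.0.2 must be listed and 127.0.0.1 must not be. A zone that lists
    127.0.0.1 is answering 'listed' for addresses it should never contain,
    which is what a wildcard or list-everything responder looks like.
    """
    test_listed = lookup(dnsbl_name("127.0.0.2", zone))
    loopback_listed = lookup(dnsbl_name("127.0.0.1", zone))
    if loopback_listed:
        return "lists-everything"
    if not test_listed:
        return "no-test-entry"
    return "ok"

# Constructed responders standing in for DNS answers (no network needed).
ZONE = "dnsbl.example"  # placeholder zone, not a real list

def healthy_responder(name):
    # Only the mandatory test entry is listed.
    return ["127.0.0.2"] if name == dnsbl_name("127.0.0.2", ZONE) else []

def list_everything_responder(name):
    # Answers 127.0.0.2 for every query, as the message describes.
    return ["127.0.0.2"]

def dead_responder(name):
    # Never answers, e.g. the zone is unreachable or shut down.
    return []

if __name__ == "__main__":
    for fn in (healthy_responder, list_everything_responder, dead_responder):
        print(fn.__name__, "->", check_dnsbl(ZONE, fn))
```

A mail filter can run this check before trusting a list's verdicts and stop scoring against the zone while the result is anything other than "ok". Passing a `lookup` that queries one authoritative server directly narrows the check to that nameserver.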