
BGP hijack of Spamhaus?

Hi all,

Regarding the Spamhaus DDoS attack, there's a Cisco article [0]
detailing its chronology, which cites greenhost.nl [1] claiming a BGP
hijack by AS34109 (CB3ROB).  Here, a /32 was announced (and accepted...)
for 0.ns.spamhaus.org, and the fraudulent server returned for
*all* DNSBL queries, with the intent to undermine confidence in

Are there any confirmations of this claim?  This needs to be
investigated and proven/disproven.


0. http://blogs.cisco.com/security/chronology-of-a-ddos-spamhaus/
1. https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/
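Added example, not part of the original post: a minimal monitor-side check that flags the kind of announcement described above, a host route inside a monitored prefix coming from an unexpected origin AS. The monitored prefix (192.0.2.0/24) and expected origin (AS64500) are constructed documentation values, not Spamhaus's real routing data, and the /24 length limit is an assumed filtering policy.

```python
import ipaddress

# Constructed sample data: a documentation prefix (RFC 5737) and a
# documentation ASN (RFC 5398) stand in for the real covering route.
EXPECTED = {ipaddress.ip_network("192.0.2.0/24"): 64500}

# Constructed BGP announcements as (prefix, origin ASN) pairs.
UPDATES = [
    ("192.0.2.0/24", 64500),     # expected covering route
    ("192.0.2.53/32", 34109),    # host route from a different origin
    ("198.51.100.0/24", 64501),  # unrelated prefix, not monitored
    ("192.0.2.0/25", 64500),     # more-specific, but from the expected origin
]

MAX_V4_LEN = 24  # assumed policy: reject IPv4 routes longer than /24


def classify(prefix, origin):
    """Return the list of findings for one announcement."""
    net = ipaddress.ip_network(prefix)
    findings = []
    if net.version == 4 and net.prefixlen > MAX_V4_LEN:
        findings.append("too-specific")
    for covering, expected_origin in EXPECTED.items():
        if net.version == covering.version and net.subnet_of(covering):
            if origin != expected_origin:
                findings.append("origin-mismatch")
            if net.prefixlen > covering.prefixlen:
                findings.append("more-specific")
    return findings


def scan(updates):
    """Return {(prefix, origin): findings} for announcements with findings."""
    flagged = {}
    for prefix, origin in updates:
        findings = classify(prefix, origin)
        if findings:
            flagged[(prefix, origin)] = findings
    return flagged


if __name__ == "__main__":
    for (prefix, origin), findings in scan(UPDATES).items():
        print(f"{prefix} AS{origin}: {', '.join(findings)}")
```
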