[nsp-sec] The DNS Changer Take Down - Please check your flows ....
Barry Greene
bgreene at senki.org
Sat Nov 12 09:16:55 EST 2011
On Nov 11, 2011, at 5:14 AM, Florian Weimer wrote:
> * Barry Greene:
>
>> As part of the operation, clean DNS resolvers under the control of the
>> investigative team have replaced the criminal's DNS resolvers. All of
>> your customers who might be infected are now going to clean DNS
>> resolvers . Your customers might still be infected, but at lest they
>> are not going to rouge DNS server of having their DNS service stopped.
>
> Just for clarification, was this done on site, without changing routing
> of the netblocks involved? Or are we supposed to see changes in
> Internet routing to new destinations where the non-malicious resolvers
> are located?
There were two sites - one in Chicago - one in New York. We cut the links in Chicago and moved all the routes to the same site (Pilosoft) in New York. So everything should be coming out of AS 36445.
More information about the nsp-security
mailing list