
Something very weird is going on - krebsonsecurity.com is resolving to 127.0.0.1. Could this be an attempt by someone's DNS servers to make the machines in the original attacking botnet DoS themselves?


You still have the "old" (1 day old) DNS records. Try to flush your DNS cache.


My ISP's resolver has them too. Apparently it's somewhat common for ISP-run resolvers to impose minimum TTLs (the nominal TTL on the record I get is 5 minutes).


I'm seeing the same thing. IIRC it was a mitigation measure by Akamai, perhaps to prevent new bots from joining the attack.


From the post:

> I asked Akamai to redirect my site to 127.0.0.1 — effectively relegating all traffic destined for KrebsOnSecurity.com into a giant black hole.

Since Akamai was going to drop the "shields" on the site, instead of smashing the hosting provider with the attack, DNS was pointed at localhost.


This seems like an ineffectual measure. Instead of giving the domain to the individual nodes in the DDoS, I'd resolve it once and pound the IP until it changes.

With a simple script curling the page and looking at the content to check if it's pointed to the right server, ignoring unroutable or inane IPs returned by the DNS.


In the article he mentions that was done before moving from Akamai to Google Project Shield.



