Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> “I likely cost them a ton of money today.”

But more specifically, whoever launched the attack cost them that money.

Also, ha:

PING krebsonsecurity.com (127.0.0.1): 56 data bytes



I would say that is a clever move, but to be honest that is the most he can do now.

https://twitter.com/briankrebs/status/779144394360381440

     @    123 IN SOA   ns1.prolexic.net. hostmaster.prolexic.com. 2016092204 86400 900 1209600 3600
     @    900 IN NS    ns1.prolexic.net.
     @    900 IN NS    ns2.prolexic.net.
    *@    300 IN A     127.0.0.1
     @    300 IN MX    10 smtp.krebsonsecurity.com.
     @    300 IN TXT   "v=spf1 ip4:... ip4:... ip6:... a mx ?all"
     m    300 IN CNAME krebsonsecurity.mobify.me.
     smtp 900 IN A     198.251.81.28
    *www  300 IN A     127.0.0.1


It might be more useful to return the IP address of whoever made the DNS query.

This could trick the computers that make up the botnet to either attack themselves on the public interface (more resource-intensive than trying to DDoS your own loopback), or even better, their ISP's resolvers (it would force the ISP to do something about it).


With the recursive nature of DNS, I imagine that could get a little hairy as the DDoS'ers would then be targeting whichever DNS servers they were using.


> PING krebsonsecurity.com (127.0.0.1): 56 data bytes

Reminds me of: https://twitter.com/troyhunt/status/716408697266679808




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: