Spamhaus under major dDOS

Late last night I, and a number of other folks, received mail from Spamhaus informing us of a major denial of service attack against their servers. The attack is so bad that the website and main mailserver is currently offline.
DNS services, including rsync and the mirrors, are up and running.
Spamhaus is working to bring the mailserver and website back up, and are hoping to have it up later today.
If there are any critical or particularly urgent SBL issues today, contact your ESP delivery team. The folks who were contacted do have an email address for urgent issues. This is not an address for routine queries, however, and most listees are going to have to wait until normal services are restored to have their listing addressed.
If there is something particularly urgent and your ESP or delivery team does not have a contact address, you can contact me an I can see what I can do.
UPDATE: Most of the IPs people have sent me are actually XBL/CBL listings. But right now the CBL webserver is responding slowly due to the DOS.
If you want to look up a listing without using the Spamhaus website you can use the “host” or “dig” command line tools. To do this reverse the digits in the IP address and append zen.spamhaus.org on the end.
So for the IP 10.11.12.13 you would query 13.12.11.10.zen.spamhaus.org

admin:~ laura$ host 13.12.11.10.zen.spamhaus.org

13.12.11.10.zen.spamhaus.org has address 127.0.0.4

or

admin:~ laura$ dig 13.12.11.10.zen.spamhaus.org

<<>> DiG 9.7.6-P1 <<>> 13.12.11.10.zen.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22991
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 22, ADDITIONAL: 0

;; QUESTION SECTION:
; 13.12.11.10.zen.spamhaus.org. IN A

;; ANSWER SECTION:
13.12.11.10.zen.spamhaus.org. 900 IN A 127.0.0.4

A return of 127.0.0.2 is a SBL listing.
A return of 127.0.0.4 is a XBL listing

Related Posts

Spamhaus dDOS

I got mail late last night from one of the Spamhaus peeps telling me that they were under a distributed Denial of Service (dDOS) attack. This is affecting email. Incoming email is delayed and they’re having difficulty sending outgoing email. This is affecting their responses to delisting queries.
They are working on mitigation and hopefully will be fully up and running soon.
Updates when I get them.
Update (8/29/2012): mail to Spamhaus should be back.

Read More

Nameless and faceless

Ken Magill wrote about Spamhaus last week. In the article he commented about the volunteers.

Read More