Blue Security Denies It's At Fault In Blog Outage

In another twist to this tale of denial-of-service attacks, spammers, and anti-spam security, the CEO of one security firm staunchly defends his company.
"If the site [] had been under attack [when we redirected], packets would have reached TypePad within minutes," Reshef said. That users were able to reach the blog and leave comments proves that Blue Security did not drag an ongoing DoS attack to TypePad and Six Apart.

But when asked if he had contacted Six Apart prior to repointing his corporate site, or informed them that other company servers were currently under attack at the time, he only answered "I'm not saying this was the smartest move."

For its part, San Francisco-based Six Apart refused to divulge details of the attack's timeline. "We're not pointing the finger at anyone," said Jane Anderson, a spokesperson for Six Apart. "No, we've not contacted Blue Security, but we have been in touch with the FBI. This [DoS] was a criminal event, and we intend to follow up."

One possible explanation for the mysterious drop-off in incoming traffic to -- which was what led Reshef and his company to redirect the URL to TypePad -- is that Blue Security's own Israeli ISP shut down traffic to block a building DoS.

Todd Underwood, the chief of operations and security at Manchester, N.H.-based Renesys, an Internet monitoring and routing analysis firm, said Friday that it's possible that Blue Security's ISP used a blackhole filter to stem an outside attack.

"It's entirely plausible that NetVision put a black hole filter in place," said Underwood, "if they were seeing large numbers of packets aimed at Blue Security and didn't want to drag the traffic all the way from, say, New York."

NetVision, which has offices in Tel Aviv and Haifa, Israel, was not available due to the time difference.

"No, I haven't talked with NetVision," said Reshelf, who confirmed that NetVision was his company's ISP. "They haven't called us, either."

Reshef said he and others at Blue Security had been too busy dealing with the crisis this week to find out if NetVision had activated a blackhole filter. He acknowledged, however, that it was a "possible explanation."

"If that's what happened, and they haven't told us about it for four days, then I will have to have a long talk with them," Reshef said.