Security Incidents mailing list archives

RE: fbi.gov weirdness?


From: "Michael B. Morell" <MMorell () vdat com>
Date: Fri, 12 Oct 2001 12:40:09 -0400

Just for clarification.....

I have been monitoring the posts for this subject and have noticed a lot of
talk about misdirecting to akamai.net.

As I am sure some of you out there are aware, Akamai is a service provider
that enables the distribution of information.
They use a distributed DNS model based on networks/where you are coming
from.  A lot of companies and organizations out there like (symantec, nai,
yahoo and the gov) use Akamai's services.

The reason I am posting is because I don't want people to start thinking
that things are being redirected "unlawfully" when there is a logical
explanation of what is going on.  I don't work for akamai, so this is not an
advertisement.  I am just aware of what they do and how it is achieved.

If you have any questions regarding how akamai's technology works, I urge
you to visit their site.  www.akamai.com
But again, just for the record, what you are seeing is the behavior that is
expected and should not be cause for alarm.

Michael B. Morell
Network Operations Administrator
Visual Data Corporation

<--The statements made above do not reflect my employer's position nor should
be construed as such-->

-----Original Message-----
From: Crosby, Herbert (OAO-HOU) [mailto:hcrosby () houston oao com]
Sent: Friday, October 12, 2001 12:15 PM
To: 'Ryan Tucker'; cg
Cc: incidents () securityfocus com
Subject: RE: fbi.gov weirdness?


yup, I get the same misdirection on doing a LIVE UPDATE of Symantec's
Norton Anti-Virus program to these sites (liveudpate.symantec.com >>>
a33.g.akamai.net or 65-65-70-233.deploy.akamaitechnologies.net caught by
doing "netstat -a" while running) .... makes you wonder if the definitions
coming via LIVEUPDATE are any good but I do check them against the FTP site
(different support vendor than http updates) so I know for sure ;-)

-----Original Message-----
From: Ryan Tucker [mailto:rtucker () netacc net]
Sent: Thursday, October 11, 2001 18:07
To: cg
Cc: incidents () securityfocus com
Subject: Re: fbi.gov weirdness?



On Thursday, October 11, 2001, at 06:41 , cg wrote:

Hi All,
    I hope I'm posting this to the right list. I'm most likely just paranoid
but is there something weird going on with the fbi.gov site?
1. The new warning that they put out was /pressrel/pressrel01/skyfall.htm
2. Then it was changed to /pressrel/pressrel01/101101.htm
3. So after seeing the first url change I tried to go back to skyfall.htm
and I got a Not Found error with a
[...]

Noticed that too.  skyfall.htm is... an interesting reference.

4. Now as I look further by looking at DNS at COSTE, UXN and geektools.com I
find differing ip addresses. COSTE reports 216.200.14.114, while
the two others (which look truer to me) 64.124.161.77.

Is anyone else seeing this??

fbi.gov is Akamai'd, which means that it'll come up with a different 
IP address pretty much everywhere...

[cydonia:~] rtucker% host www.fbi.gov
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 208.153.34.215
a33.g.akamai.net has address 208.153.34.216

[rtucker@puck rtucker]$ host www.fbi.gov
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 216.200.14.100
a33.g.akamai.net has address 216.200.14.114

You can see the same effect (and IP's, most likely) on 
www.akamai.com.  :-)

Hope this helps.  -rt

--
Ryan Tucker <rtucker () netacc net>
Network Operations Manager, NetAccess, Inc.
http://www.netacc.net/ • (716)419-8252

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
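
The comparison Ryan Tucker does by eye above, as an added example that is not part of the original messages: it parses `host` output from two vantage points and separates "same alias chain, different edge IPs" from a change in the alias chain itself. The function names, the result labels and the third sample are constructed for illustration.

```python
import re

# The two `host www.fbi.gov` outputs quoted in the thread, one per vantage point.
VANTAGE_A = """\
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 208.153.34.215
a33.g.akamai.net has address 208.153.34.216
"""
VANTAGE_B = """\
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 216.200.14.100
a33.g.akamai.net has address 216.200.14.114
"""
# Constructed counter-example (not from the thread): the alias chain differs.
VANTAGE_BAD = """\
www.fbi.gov is a nickname for www.example.net
www.example.net has address 192.0.2.10
"""

# Older `host` prints "is a nickname for", newer builds print "is an alias for".
ALIAS = re.compile(r"^(\S+) is (?:a nickname|an alias) for (\S+?)\.?$")
ADDR = re.compile(r"^(\S+) has address (\d+\.\d+\.\d+\.\d+)$")

def parse_host(output, qname):
    """Follow the alias chain from qname; return (chain, A records at its end)."""
    aliases, addrs = {}, {}
    for line in output.splitlines():
        line = line.strip()
        if m := ALIAS.match(line):
            aliases[m.group(1).lower()] = m.group(2).lower()
        elif m := ADDR.match(line):
            addrs.setdefault(m.group(1).lower(), set()).add(m.group(2))
    chain, seen = [qname.lower()], set()
    while chain[-1] in aliases and chain[-1] not in seen:  # guard against loops
        seen.add(chain[-1])
        chain.append(aliases[chain[-1]])
    return chain, addrs.get(chain[-1], set())

def compare(qname, out_a, out_b):
    """Classify the difference between two resolvers' answers for one name."""
    chain_a, ips_a = parse_host(out_a, qname)
    chain_b, ips_b = parse_host(out_b, qname)
    if chain_a != chain_b:
        return "alias-chain-differs"       # the delegation itself changed
    if ips_a != ips_b:
        return "same-chain-different-ips"  # what the thread attributes to Akamai
    return "identical"
```

A matching alias chain only shows that both resolvers were handed to the same CDN hostname; it says nothing about the content served, so a cross-check against a second download source like the one Crosby describes is still useful.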
