Security Incidents mailing list archives

RE: fbi.gov weirdness?

From: "Crosby, Herbert (OAO-HOU)" <hcrosby () houston oao com>
Date: Fri, 12 Oct 2001 11:14:41 -0500

yup, I get the same miss direction on doing a LIVE UPDATE of Symantec's
Norton Anti-Virus program to these sites (liveudpate.symantec.com >>>
a33.g.akamai.net or 65-65-70-233.deploy.akamaitechnologies.net caught by
doing "netstat -a" while running) .... makes you wonder if the definitions
coming via LIVEUPDATE are any good but I do check them against the FTP site
(different support vendor than http updates) so I know for sure ;-)

-----Original Message-----
From: Ryan Tucker [mailto:rtucker () netacc net]
Sent: Thursday, October 11, 2001 18:07
To: cg
Cc: incidents () securityfocus com
Subject: Re: fbi.gov weirdness?



On Thursday, October 11, 2001, at 06:41 , cg wrote:

Hi All,
    I hope I'm posting this to the right list. I'm most likely just 
paranoid
but is there something weird going on with the fbi.gov site?
1. The new warning that they put out was 
/pressrel/pressrel01/skyfall.htm
2. Then it was changed to /pressrel/pressrel01/101101.htm
3. So after seeing the first url change I tried to go back to 
skyfall.htm
and I got a Not Found error with a

[...]

Noticed that too.  skyfall.htm is... an interesting reference.

4. Now as I look further by looking at DNS at COSTE, UXN and 
geektools.com I
find differing ip             addresses. COSTE reports 
216.200.14.114, while
the two others (which look truer to me)                     
64.124.161.77.

Is anyone else seeing this??


fbi.gov is Akamai'd, which means that it'll come up with a different 
IP address pretty much everywhere...

[cydonia:~] rtucker% host www.fbi.gov
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 208.153.34.215
a33.g.akamai.net has address 208.153.34.216

[rtucker@puck rtucker]$ host www.fbi.gov
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 216.200.14.100
a33.g.akamai.net has address 216.200.14.114

You can see the same effect (and IP's, most likely) on 
www.akamai.com.  :-)

Hope this helps.  -rt

--
Ryan Tucker <rtucker () netacc net>
Network Operations Manager, NetAccess, Inc.
http://www.netacc.net/ • (716)419-8252

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

fbi.gov weirdness? cg (Oct 11)
- Re: fbi.gov weirdness? Chip McClure (Oct 11)
- Re: fbi.gov weirdness? Ryan Tucker (Oct 11)
  - Message not available
    - Re: fbi.gov weirdness? Allen Smith (Oct 12)
- <Possible follow-ups>
- RE: fbi.gov weirdness? Nicko Demeter (Oct 11)
- RE: fbi.gov weirdness? Rob Keown (Oct 11)
- RE: fbi.gov weirdness? Crosby, Herbert (OAO-HOU) (Oct 12)
- RE: fbi.gov weirdness? Michael B. Morell (Oct 12)