Send Outages-discussion mailing list submissions to
        outages-discussion@outages.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://puck.nether.net/mailman/listinfo/outages-discussion
or, via email, send a message with subject or body 'help' to
        outages-discussion-requ...@outages.org

You can reach the person managing the list at
        outages-discussion-ow...@outages.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Outages-discussion digest..."


Today's Topics:

   1. Comcast Outage (Matt Hoppes)
   2. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure (Grant Taylor)
   3. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Jay R. Ashworth)
   4. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Glenn McGurrin)
   5. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Jim Popovitch)
   6. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Brett Dikeman)


----------------------------------------------------------------------

Message: 1
Date: Thu, 11 Nov 2021 21:08:21 -0500
From: Matt Hoppes <mattli...@rivervalleyinternet.net>
To: "outages-discussion@outages.org" <outages-discussion@outages.org>
Subject: [Outages-discussion] Comcast Outage
Message-ID:
        <9cb30b78-7837-7e9e-9f2b-37d4c5480...@rivervalleyinternet.net>
Content-Type: text/plain; charset=utf-8; format=flowed

Did anyone hear what happened to cause the massive Comcast outage the 
other day?


------------------------------

Message: 2
Date: Sat, 13 Nov 2021 10:29:09 -0700
From: Grant Taylor <gtay...@tnetconsulting.net>
To: John Sage <js...@finchhaven.com>, Outages-discussion
        <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more
        a hack, "Urgent: Threat actor in systems" emails from FBI
        infrastructure
Message-ID:
        <214a9df1-f3f1-feb2-7b65-b73c9f147...@spamtrap.tnetconsulting.net>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

I'm re-routing my reply to outages-discussion instead of the original 
outages mailing list.  --  I'm CCing John in case he doesn't subscribe 
to outages-discussion.

On 11/13/21 9:56 AM, John Sage via Outages wrote:
> Is anyone besides me now receiving three (or here four) identical posts 
> to the list with identical time stamps?

Yes.

I received five copies of the message.  All of the messages had the same 
Message-ID.

Tracing the Received: headers, it seems like the message was a duplicate 
all the way up to mx00.postal00.hostinfr.com.  I see the first new 
(E)SMTP(S) id at puck.nether.net.

So, it seems to me like the duplication happened between ...hostinfr.com 
and ...nether.net.

I've not implemented a duplicate message ID filter for the Outages 
mailing list.  But perhaps I should.



-- 
Grant. . . .
unix || die
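
The header tracing described in the message above, as an added example that is not part of the original post: copies are grouped by Message-ID and their Received: chains are compared hop by hop to find where the queue ids first differ. The hostnames, queue ids and Message-ID in the sample are constructed, and the function names are illustrative assumptions.

```python
import email
import re
from collections import defaultdict

# Constructed sample: two copies of one message. Hostnames, queue ids and
# the Message-ID are invented for illustration.
def _copy(list_id):
    return (
        f"Received: from mx.relay.example by lists.example with ESMTP id {list_id};\n"
        "\tSat, 13 Nov 2021 17:00:05 +0000\n"
        "Received: from sender.example by mx.relay.example with ESMTP id AAA111;\n"
        "\tSat, 13 Nov 2021 17:00:01 +0000\n"
        "Message-ID: <constructed-1@sender.example>\n"
        "Subject: test\n\nbody\n"
    )

SAMPLE = [_copy("LST001"), _copy("LST002")]

# "by <host> ... id <queue-id>" inside one (possibly folded) Received: value.
HOP = re.compile(r"\bby\s+(\S+).*?\bid\s+([^\s;]+)", re.S | re.I)

def hops(msg):
    """Return [(by_host, queue_id), ...] ordered from first relay to last."""
    out = []
    # Received: headers are prepended, so the oldest hop is the last header.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        out.append((m.group(1).lower(), m.group(2)) if m else ("?", value.strip()))
    return out

def group_by_message_id(raw_messages):
    groups = defaultdict(list)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        groups[msg.get("Message-ID", "").strip()].append(hops(msg))
    return groups

def divergence(chains):
    """Return (last_common_host, first_differing_host) for copies sharing a
    Message-ID, or None when the compared hops are identical."""
    for i, column in enumerate(zip(*chains)):
        if len(set(column)) > 1:
            prev = chains[0][i - 1][0] if i else None
            return prev, column[0][0]
    return None

def find_duplicates(raw_messages):
    groups = group_by_message_id(raw_messages)
    return {mid: divergence(ch) for mid, ch in groups.items() if len(ch) > 1}
```

A result of `("mx.relay.example", "lists.example")` means the copies share every hop up to the first host and first receive distinct queue ids at the second, so the repeat delivery happened on that link.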


------------------------------

Message: 3
Date: Sat, 13 Nov 2021 17:45:19 +0000 (UTC)
From: "Jay R. Ashworth" <j...@baylink.com>
To: Grant Taylor <gtay...@tnetconsulting.net>
Cc: John Sage <js...@finchhaven.com>,  Outages-discussion
        <outages-discussion@outages.org>,  Jared Mauch <ja...@puck.nether.net>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more
        a hack, "Urgent: Threat actor in systems" emails from FBI
        infrastructure
Message-ID:
        <392103889.463301.1636825519773.javamail.zim...@baylink.com>
Content-Type: text/plain; charset=utf-8

----- Original Message -----
> From: "Grant Taylor" <gtay...@tnetconsulting.net>

> I'm re-routing my reply to outages-discussion instead of the original
> outages mailing list.  --  I'm CCing John in case he doesn't subscribe
> to outages-discussion.
> 
> On 11/13/21 9:56 AM, John Sage via Outages wrote:
>> Is anyone besides me now receiving three (or here four) identical posts
>> to the list with identical time stamps?
> 
> Yes.
> 
> I received five copies of the message.  All of the messages had the same
> Message-ID.
> 
> Tracing the Received: headers, it seems like the message was a duplicate
> all the way up to mx00.postal00.hostinfr.com.  I see the first new
> (E)SMTP(S) id at puck.nether.net.
> 
> So, it seems to me like the duplication happened between ...hostinfr.com
> and ...nether.net.
> 
> I've not implemented a duplicate message ID filter for the Outages
> mailing list.  But perhaps I should.

procmail has that built in, I think, and I'd thought Mailman did as well,
but perhaps I'm mistaken.

Such a filter would, of course, have to go on the input side of ... well, 
maybe it wouldn't.  I've never actually given any thought to how Mailman
handles Message-ID.  I expect Jared will know off-hand, though.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       j...@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274


------------------------------

Message: 4
Date: Sat, 13 Nov 2021 13:13:19 -0500
From: Glenn McGurrin <outages-...@cloudoptimizedsmb.com>
To: Grant Taylor <gtay...@tnetconsulting.net>, j...@baylink.com
Cc: John Sage <js...@finchhaven.com>, Outages-discussion
        <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more
        a hack, "Urgent: Threat actor in systems" emails from FBI
        infrastructure
Message-ID: <21f202b9ff8fd29782c2f37311520...@cloudoptimizedsmb.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed

I can confirm that, I'm not sure what exactly the issue was, but my mail 
server kept generating a temporary error when sending to puck.nether.net 
with a read timeout.  Other mail before and after all is flowing well 
including one to nanog (aka another major mailing list, not just other 
user mailboxes), so it doesn't seem to be an issue purely on my end, 
though clearly other messages are working on the list, so it's not 
purely on the list's end.

I'm happy to cooperate in tracking down the bug that seems to be 
affecting the link between my server and the list, I actually had to 
manually kill the message to stop it from repeating more when I saw the 
multiple copies on my end (and I'll be monitoring this message to kill 
it if needed).

On 2021-11-13 12:29, Grant Taylor wrote:
> I'm re-routing my reply to outages-discussion instead of the original
> outages mailing list.  --  I'm CCing John in case he doesn't subscribe
> to outages-discussion.
> 
> On 11/13/21 9:56 AM, John Sage via Outages wrote:
>> Is anyone besides me now receiving three (or here four) identical 
>> posts to the list with identical time stamps?
> 
> Yes.
> 
> I received five copies of the message.  All of the messages had the
> same Message-ID.
> 
> Tracing the Received: headers, it seems like the message was a
> duplicate all the way up to mx00.postal00.hostinfr.com.  I see the
> first new (E)SMTP(S) id at puck.nether.net.
> 
> So, it seems to me like the duplication happened between
> ...hostinfr.com and ...nether.net.
> 
> I've not implemented a duplicate message ID filter for the Outages
> mailing list.  But perhaps I should.


------------------------------

Message: 5
Date: Sat, 13 Nov 2021 13:13:39 -0500
From: Jim Popovitch <jim...@domainmail.org>
To: Josh Luthman <j...@imaginenetworksllc.com>
Cc: Outages List <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more
        a hack, "Urgent: Threat actor in systems" emails from FBI
        infrastructure
Message-ID:
        <8eab76414b45a5f6b8413762b9b5e116ee0125db.ca...@domainmail.org>
Content-Type: text/plain; charset="UTF-8"

On Sat, 2021-11-13 at 13:01 -0500, Josh Luthman via Outages wrote:
> FWIW I only got one copy.  Definitely not all users.

(Moved to outages-discussion@ where it should be)


> > 
That's because you use Gmail, they do not show dup msgids in your inbox.

-Jim P.



------------------------------

Message: 6
Date: Sat, 13 Nov 2021 23:37:22 +0000
From: Brett Dikeman <brett.dike...@gmail.com>
To: Jim Popovitch <jim...@domainmail.org>
Cc: Josh Luthman <j...@imaginenetworksllc.com>,  Outages List
        <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more
        a hack, "Urgent: Threat actor in systems" emails from FBI
        infrastructure
Message-ID:
        <CAFiC_bxUj1QXCGm9u0_=z27gan3vyeg9phbvy9bux2pw6+i...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Getting back to the original topic: it's a combination hack (on an FBI
system/mail server) and human-powered DDoS on the FBI's technical support
helpdesk, which has been swamped with people calling it.

(It's also not an outage, and should not have been posted to the list.)

On Sat, Nov 13, 2021 at 6:25 PM Jim Popovitch <jim...@domainmail.org> wrote:

> On Sat, 2021-11-13 at 13:01 -0500, Josh Luthman via Outages wrote:
> > FWIW I only got one copy.  Definitely not all users.
>
> (Moved to outages-discussion@ where it should be)
>
>
> > >
> That's because you use Gmail, they do not show dup msgids in your inbox.
>
> -Jim P.

------------------------------


End of Outages-discussion Digest, Vol 141, Issue 5
**************************************************
