Send Outages-discussion mailing list submissions to
	outages-discussion@outages.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/outages-discussion
or, via email, send a message with subject or body 'help' to
	outages-discussion-requ...@outages.org

You can reach the person managing the list at
	outages-discussion-ow...@outages.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Outages-discussion digest..."

Today's Topics:

   1. Comcast Outage (Matt Hoppes)
   2. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Grant Taylor)
   3. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Jay R. Ashworth)
   4. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Glenn McGurrin)
   5. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Jim Popovitch)
   6. Re: [outages] not quite an outage, more a hack, "Urgent:
      Threat actor in systems" emails from FBI infrastructure
      (Brett Dikeman)

----------------------------------------------------------------------

Message: 1
Date: Thu, 11 Nov 2021 21:08:21 -0500
From: Matt Hoppes <mattli...@rivervalleyinternet.net>
To: "outages-discussion@outages.org" <outages-discussion@outages.org>
Subject: [Outages-discussion] Comcast Outage
Message-ID: <9cb30b78-7837-7e9e-9f2b-37d4c5480...@rivervalleyinternet.net>
Content-Type: text/plain; charset=utf-8; format=flowed

Did anyone hear what happened to cause the massive Comcast outage the
other day?

------------------------------

Message: 2
Date: Sat, 13 Nov 2021 10:29:09 -0700
From: Grant Taylor <gtay...@tnetconsulting.net>
To: John Sage <js...@finchhaven.com>, Outages-discussion <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure
Message-ID: <214a9df1-f3f1-feb2-7b65-b73c9f147...@spamtrap.tnetconsulting.net>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

I'm re-routing my reply to outages-discussion instead of the original
outages mailing list. -- I'm CCing John in case he doesn't subscribe
to outages-discussion.

On 11/13/21 9:56 AM, John Sage via Outages wrote:
> Is anyone besides me now receiving three (or here four) identical posts
> to the list with identical time stamps?

Yes.

I received five copies of the message. All of the messages had the same
Message-ID.

Tracing the Received: headers, it seems like the message was a duplicate
all the way up to mx00.postal00.hostinfr.com. I see the first new
(E)SMTP(S) id at puck.nether.net.

So, it seems to me like the duplication happened between ...hostinfr.com
and ...nether.net.

I've not implemented a duplicate message ID filter for the Outages
mailing list. But perhaps I should.

--
Grant. . . .
unix || die

------------------------------

Message: 3
Date: Sat, 13 Nov 2021 17:45:19 +0000 (UTC)
From: "Jay R. Ashworth" <j...@baylink.com>
To: Grant Taylor <gtay...@tnetconsulting.net>
Cc: John Sage <js...@finchhaven.com>, Outages-discussion <outages-discussion@outages.org>, Jared Mauch <ja...@puck.nether.net>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure
Message-ID: <392103889.463301.1636825519773.javamail.zim...@baylink.com>
Content-Type: text/plain; charset=utf-8

----- Original Message -----
> From: "Grant Taylor" <gtay...@tnetconsulting.net>

> I'm re-routing my reply to outages-discussion instead of the original
> outages mailing list. -- I'm CCing John in case he doesn't subscribe
> to outages-discussion.
>
> On 11/13/21 9:56 AM, John Sage via Outages wrote:
>> Is anyone besides me now receiving three (or here four) identical posts
>> to the list with identical time stamps?
>
> Yes.
>
> I received five copies of the message. All of the messages had the same
> Message-ID.
>
> Tracing the Received: headers, it seems like the message was a duplicate
> all the way up to mx00.postal00.hostinfr.com. I see the first new
> (E)SMTP(S) id at puck.nether.net.
>
> So, it seems to me like the duplication happened between ...hostinfr.com
> and ...nether.net.
>
> I've not implemented a duplicate message ID filter for the Outages
> mailing list. But perhaps I should.

procmail has that built in, I think, and I'd thought Mailman did as well,
but perhaps I'm mistaken.

Such a filter would, of course, have to go on the input side of ... well,
maybe it wouldn't. I've never actually given any thought to how Mailman
handles Message-ID.

I expect Jared will know off-hand, though.

Cheers,
-- jra
--
Jay R. Ashworth          Baylink                      j...@baylink.com
Designer                 The Things I Think           RFC 2100
Ashworth & Associates    http://www.bcp38.info        2000 Land Rover DII
St Petersburg FL USA     BCP38: Ask For It By Name!
+1 727 647 1274

------------------------------

Message: 4
Date: Sat, 13 Nov 2021 13:13:19 -0500
From: Glenn McGurrin <outages-...@cloudoptimizedsmb.com>
To: Grant Taylor <gtay...@tnetconsulting.net>, j...@baylink.com
Cc: John Sage <js...@finchhaven.com>, Outages-discussion <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure
Message-ID: <21f202b9ff8fd29782c2f37311520...@cloudoptimizedsmb.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed

I can confirm that, I'm not sure what exactly the issue was, but my mail
server kept generating a temporary error when sending to puck.nether.net
with a read timeout. Other mail before and after all is flowing well
including one to nanog (aka another major mailing list, not just other
user mailboxes), so it doesn't seem to be an issue purely on my end,
though clearly other messages are working on the list, so it's not purely
on the list's end. I'm happy to cooperate in tracking down the bug that
seems to be affecting the link between my server and the list, I actually
had to manually kill the message to stop it from repeating more when I
saw the multiple copies on my end (and I'll be monitoring this message to
kill it if needed).

On 2021-11-13 12:29, Grant Taylor wrote:
> I'm re-routing my reply to outages-discussion instead of the original
> outages mailing list. -- I'm CCing John in case he doesn't subscribe
> to outages-discussion.
>
> On 11/13/21 9:56 AM, John Sage via Outages wrote:
>> Is anyone besides me now receiving three (or here four) identical
>> posts to the list with identical time stamps?
>
> Yes.
>
> I received five copies of the message. All of the messages had the
> same Message-ID.
>
> Tracing the Received: headers, it seems like the message was a
> duplicate all the way up to mx00.postal00.hostinfr.com. I see the
> first new (E)SMTP(S) id at puck.nether.net.
>
> So, it seems to me like the duplication happened between
> ...hostinfr.com and ...nether.net.
>
> I've not implemented a duplicate message ID filter for the Outages
> mailing list. But perhaps I should.

------------------------------

Message: 5
Date: Sat, 13 Nov 2021 13:13:39 -0500
From: Jim Popovitch <jim...@domainmail.org>
To: Josh Luthman <j...@imaginenetworksllc.com>
Cc: Outages List <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure
Message-ID: <8eab76414b45a5f6b8413762b9b5e116ee0125db.ca...@domainmail.org>
Content-Type: text/plain; charset="UTF-8"

On Sat, 2021-11-13 at 13:01 -0500, Josh Luthman via Outages wrote:
> FWIW I only got one copy. Definitely not all users.

(Moved to outages-discussion@ where it should be)

>
>

That's because you use Gmail, they do not show dup msgids in your inbox.

-Jim P.

------------------------------

Message: 6
Date: Sat, 13 Nov 2021 23:37:22 +0000
From: Brett Dikeman <brett.dike...@gmail.com>
To: Jim Popovitch <jim...@domainmail.org>
Cc: Josh Luthman <j...@imaginenetworksllc.com>, Outages List <outages-discussion@outages.org>
Subject: Re: [Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure
Message-ID: <CAFiC_bxUj1QXCGm9u0_=z27gan3vyeg9phbvy9bux2pw6+i...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Getting back to the original topic: it's a combination hack (on an FBI
system/mail server) and human-powered DDoS on the FBI's technical support
helpdesk, which has been swamped with people calling it.

(It's also not an outage, and should not have been posted to the list.)

On Sat, Nov 13, 2021 at 6:25 PM Jim Popovitch <jim...@domainmail.org> wrote:
> On Sat, 2021-11-13 at 13:01 -0500, Josh Luthman via Outages wrote:
> > FWIW I only got one copy. Definitely not all users.
>
> (Moved to outages-discussion@ where it should be)
>
> >
> >
> That's because you use Gmail, they do not show dup msgids in your inbox.
>
> -Jim P.

------------------------------

Subject: Digest Footer

_______________________________________________
Outages-discussion mailing list
Outages-discussion@outages.org
https://puck.nether.net/mailman/listinfo/outages-discussion

------------------------------

End of Outages-discussion Digest, Vol 141, Issue 5
**************************************************
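
Added example, not part of the digest or of any poster's message: the Received-header comparison Grant Taylor describes in Message 2, together with a Message-ID duplicate filter of the kind he mentions, sketched in Python. The host names, queue ids and Message-ID in the sample are constructed, and the function names are illustrative.

```python
import re
from email import message_from_string

# Matches "by <host> ... id <queue-id>" inside one Received: header value.
HOP = re.compile(r"\bby\s+(\S+).*?\bid\s+([^\s;]+)", re.S)

def trace(raw):
    """Return (Message-ID, [(by_host, queue_id), ...]) with the oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # headers are newest-first
        m = HOP.search(value)
        hops.append(m.groups() if m else (None, None))
    return msg.get("Message-ID", "").strip(), hops

def first_divergence(raw_copies):
    """Host of the first hop where copies of one Message-ID got different ids."""
    traces = [trace(raw) for raw in raw_copies]
    if len({mid for mid, _ in traces}) != 1:
        raise ValueError("copies do not share a Message-ID")
    paths = [hops for _, hops in traces]
    for i in range(min(len(p) for p in paths)):
        if len({p[i] for p in paths}) > 1:
            return paths[0][i][0]
    return None  # every hop is identical in all copies

def dedupe(raw_messages):
    """Keep only the first message seen for each Message-ID."""
    seen, kept = set(), []
    for raw in raw_messages:
        mid = trace(raw)[0]
        if mid not in seen:
            seen.add(mid)
            kept.append(raw)
    return kept

# Constructed sample: one message accepted three times by the list host.
def sample_copy(list_queue_id):
    return (
        f"Received: from relay.example by list.example with ESMTP id {list_queue_id};\n"
        "\tSat, 13 Nov 2021 17:00:05 +0000\n"
        "Received: from origin.example by relay.example with ESMTPS id R1;\n"
        "\tSat, 13 Nov 2021 17:00:01 +0000\n"
        "Message-ID: <constructed-1@origin.example>\n"
        "Subject: constructed sample\n\nbody\n"
    )

COPIES = [sample_copy(q) for q in ("L1", "L2", "L3")]
if __name__ == "__main__":
    print(first_divergence(COPIES), len(dedupe(COPIES)))
```

In the sample the relay hop is identical in every copy and the list host assigns a new queue id each time, so the duplication is placed on the relay-to-list delivery, the same reasoning applied in Message 2.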