Robert P. J. Day wrote:

Red Hat list admin:

 A number of folks received the following on the Red Hat mailing
list recently.  The overwhelming evidence is that it is spam,
given the return address of redhat.chtah.com


Ummm nope. Unless this spammer happened to also take over the redhat.com domain as well...


as was posted earlier:

http://www.redhat.com/mktg/rh9iso/

Here's some text from that page on what appears to be www.redhat.com:

Subscribe to Red Hat Network (subscriptions start as low as $60 USD/year). Red Hat Linux 9 ISOs will be available to paid subscribers starting March 31, 2003--a week before they will be available on redhat.com, in stores, or on Red Hat FTP. A paid subscription also gets you access to RHN technical support, errata updates, priority access during peak times, and immediate email notification. It's the quickest way to get Red Hat Linux 9.


And just to be doubly sure... here are some of the tcpdump lines that I got from loading that page:


04:52:41.740352 65.56.213.5.33015 > 66.187.232.56.http: . ack 15140 win 63480 (DF)
04:52:41.890352 66.187.232.56.http > 65.56.213.5.33015: . 15140:16520(1380) ack 1236 win 16510 (DF)
04:52:41.890352 65.56.213.5.33015 > 66.187.232.56.http: . ack 16520 win 63480 (DF)
04:52:42.050352 66.187.232.56.http > 65.56.213.5.33015: . 16520:17900(1380) ack 1236 win 16510 (DF)
04:52:42.050352 65.56.213.5.33015 > 66.187.232.56.http: . ack 17900 win 63480 (DF)


and a dig on www.redhat.com:

[EMAIL PROTECTED] network-scripts]# dig www.redhat.com

; <<>> DiG 9.2.1 <<>> www.redhat.com
<SNIP>
;; ANSWER SECTION:
www.redhat.com.         134     IN      A       66.187.232.56

;; AUTHORITY SECTION:
redhat.com.             163     IN      NS      ns2.redhat.com.
redhat.com.             163     IN      NS      ns3.redhat.com.
redhat.com.             163     IN      NS      ns1.redhat.com.

;; ADDITIONAL SECTION:
ns2.redhat.com.         23846   IN      A       66.187.224.210
ns3.redhat.com.         23846   IN      A       66.187.229.10
ns1.redhat.com.         23846   IN      A       66.187.233.210
<SNIP>

Note that the www.redhat.com address is the address that I was getting the packets from, as evidenced by tcpdump...

So, it's real... or Red Hat has one hell of a good intrusion going on...

and trust me, I know enough people on the inside at Red Hat to have confirmed this.

Cheers
Jeff
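
The cross-check described in the message above (HTTP peer in the tcpdump capture versus the A record from dig), as an added example that is not part of the original post. It parses the two outputs quoted above and reports any HTTP server address in the capture that is not an A record for the name; the function names are hypothetical. A clean result shows only that the page was served from the address the local resolver returned.

```python
import re

# Sample input: two tcpdump lines and part of the dig output quoted in the message.
TCPDUMP = """\
04:52:41.740352 65.56.213.5.33015 > 66.187.232.56.http: . ack 15140 win 63480 (DF)
04:52:41.890352 66.187.232.56.http > 65.56.213.5.33015: . 15140:16520(1380) ack 1236 win 16510 (DF)
"""
DIG = """\
;; ANSWER SECTION:
www.redhat.com.         134     IN      A       66.187.232.56

;; AUTHORITY SECTION:
redhat.com.             163     IN      NS      ns2.redhat.com.
"""

# This tcpdump format prints endpoints as a.b.c.d.port; the port may be a service name.
ENDPOINT = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\w+)")

def a_records(dig_text, name):
    """A-record addresses for `name`, taken from dig's ANSWER section only."""
    addrs, in_answer = set(), False
    for line in dig_text.splitlines():
        if line.startswith(";;"):
            in_answer = "ANSWER SECTION" in line
            continue
        f = line.split()
        if (in_answer and len(f) == 5 and f[3] == "A"
                and f[0].rstrip(".").lower() == name.lower()):
            addrs.add(f[4])
    return addrs

def http_servers(tcpdump_text):
    """IPs that appear on the HTTP side (port 'http' or 80) of any captured packet."""
    servers = set()
    for line in tcpdump_text.splitlines():
        m = re.match(r"\S+ (\S+) > (\S+?):", line)
        if not m:
            continue
        for endpoint in m.groups():
            ep = ENDPOINT.fullmatch(endpoint)
            if ep and ep.group(2) in ("http", "80"):
                servers.add(ep.group(1))
    return servers

def unexpected_servers(tcpdump_text, dig_text, name):
    """HTTP server IPs in the capture that are not an A record for `name`."""
    return http_servers(tcpdump_text) - a_records(dig_text, name)
```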



