www.sco.com no longer has an DNS A record

2004-02-01 Thread Sean Donelan
Asia (remember the international date line) started on MyDoom already, although some reports said the worm used 1609 GMT to start its attack. SCO appears to have deleted the A record for www.sco.com from their DNS about 1 hour ago. I don't know how often MyDoom does the DNS lookup, so it may not

Re: www.sco.com no longer has an DNS A record

2004-02-01 Thread Adam 'Starblazer' Romberg
> SCO appears to have deleted the A record for www.sco.com from their DNS > about 1 hour ago. I don't know how often MyDoom does the DNS lookup, so > it may not stop things. As of 1:33AM CST, www.sco.com is still resolving... however their A record has a TTL of 60 seconds. I even queried ns.cal

Re: www.sco.com no longer has an DNS A record

2004-02-01 Thread Sean Donelan
On Sun, 1 Feb 2004, Adam 'Starblazer' Romberg wrote: > > SCO appears to have deleted the A record for www.sco.com from their DNS > > about 1 hour ago. I don't know how often MyDoom does the DNS lookup, so > > it may not stop things. > > As of 1:33AM CST, www.sco.com is still resolving... however

Re: www.sco.com no longer has an DNS A record

2004-02-01 Thread W.D.McKinney
On Sat, 2004-01-31 at 22:55, Sean Donelan wrote: > On Sun, 1 Feb 2004, Adam 'Starblazer' Romberg wrote: > > > > SCO appears to have deleted the A record for www.sco.com from their DNS > > > about 1 hour ago. I don't know how often MyDoom does the DNS lookup, so > > > it may not stop things. > >

Re: www.sco.com no longer has an DNS A record

2004-02-01 Thread Christopher L. Morrow
On Sat, 31 Jan 2004, W.D.McKinney wrote: > > Odd it does not resolve for me. http://www.sco.com Not being involved I'd guess SCO is adding/removing the record as the attack waxes and wanes? Trying to keep the number of attackers bouncing around some?

Re: www.sco.com no longer has an DNS A record

2004-02-01 Thread Raymond Dijkxhoorn
Hi! > > Looks like SCO has added the records back. I queried > > ns.calderasystems.com directly. Here is what it looked like earlier: > > > > $ORIGIN sco.com. > > ;www5931IN SOA ns.calderasystems.com. > > hostmaster.caldera.com. ( > > ; 2004013103 3600 900 604800

Re: www.sco.com no longer has an DNS A record

2004-02-01 Thread Stephen J. Wilcox
> > Odd it does not resolve for me. http://www.sco.com > > Not being involved I'd guess SCO is adding/removing the record as the > attack waxes and wanes? Trying to keep the number of attackers bouncing > around some? So, SCO has accused ISPs of dropping its traffic and has not made any effo

Re: SCO blames ISPs for blocking access to web site

2004-02-01 Thread Petri Helenius
Sean Donelan wrote: SCO's spokesperson Blake Stowell blamed ISPs around the world for blocking access to SCO's web site. SCO says their web site bandwidth is at normal levels. According to SCO the attack is not scheduled to begin until Sunday at 1609 GMT. http://www.channelnewsasia.com/stories/af

Re: SCO blames ISPs for blocking access to web site

2004-02-01 Thread Stephen J. Wilcox
> There are just too many people who run when somebody cries "Wolf!!!" without > engaging their brain first. you just got bitten, this one's for real.

Re: AOL web troubles.. New AOL speedup seems to be a slowdown

2004-02-01 Thread Brian Bruns
Just got done working with my mother's machine again, and have been watching her and a bunch of other people who use AOL 9.0 and some who use 8.0. Something over the past week alone has definitely happened in regards to the AOL TopSpeed stuff. I've got a situation with more than 75% of the peop

Re: updated root hints file (fwd)

2004-02-01 Thread Bruce Campbell
On Fri, 30 Jan 2004, bill wrote in reply to presumably private mail: > > I thought the RSSAC site was www.root-servers.org. > > root-servers.org is -NOT- the rssac site. Your useful official content for today is: http://www.icann.org/committees/dns-root/ Your somewhat more useful

Re: Verizon mail troubles

2004-02-01 Thread David Lesher
Speaking on Deep Background, the Press Secretary whispered: > > > Personal Favorite: > > We put a move order in with VZ for June 12, then rescheduled to July 12 > (we were moving across the st.) of this year. On May 12 we come in and > discover that half our lines don't work. After 4 hours on t

Re: updated root hints file (fwd)

2004-02-01 Thread Stephen J. Wilcox
On Sun, 1 Feb 2004, Bruce Campbell wrote: > On Fri, 30 Jan 2004, bill wrote in reply to presumably private mail: > > > > I thought the RSSAC site was www.root-servers.org. > > > > root-servers.org is -NOT- the rssac site. > > Your useful official content for today is: > > http://www.

Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Sean Donelan
EWeek is reporting an anonymous source that Wanadoo, a major French ISP, has stopped all traffic to SCO's web site? Is this true? Have any other ISPs taken similar action?

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread James Edwards
Here is a view from the west coast, This is via Opentransit, which is my limited understanding of French indicates is owned/part of FranceTelecom: trace 216.250.128.12 Type escape sequence to abort. Tracing the route to www.sco.com (216.250.128.12) 1 P12-0.PALBB2.Palo-alto.opentransit.net (1

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Thomas Seyrat
James Edwards wrote: > Here is a view from the west coast, This is via > Opentransit, which is my limited understanding of French > indicates is owned/part of FranceTelecom: Opentransit (5511) is indeed France Telecom's AS for international transit, and seems to block at least 216.250.128.12

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Rubens Kuhl Jr.
And by blackholing that IP they've also blackholed www.caldera.com, which is currently not a DDoS target but is also not responding to requests. Rubens - Original Message - From: "James Edwards" <[EMAIL PROTECTED]> To: "Sean Donelan" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: S

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Mike Tancsa
At 03:52 PM 01/02/2004, Sean Donelan wrote: EWeek is reporting an anonymous source that Wanadoo, a major French ISP, has stopped all traffic to SCO's web site? Is this true? Don't know Have any other ISPs taken similar action? Not here. The only thing different I did was ndc querylog tail -f /v

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Petri Helenius
Mike Tancsa wrote: Have any other ISPs taken similar action? Not here. The only thing different I did was ndc querylog tail -f /var/log/daemon | grep www.sco.com on my recursive servers and I have been underwhelmed by the output Maybe SCO just got overwhelmed by the requests by the peopl

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Randy Bush
so, should they be renamed wanadon't? :-) i.e. what's all this about anyway? what am i supposed to learn from this that i am clearly missing? as far as i know, the actual victim has not asked us to do anything. so i think i'll go shopping for dinner and groceries before the fish counter gets s

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread jlewis
On Sun, 1 Feb 2004, Sean Donelan wrote: > EWeek is reporting an anonymous source that Wanadoo, a major French ISP, > has stopped all traffic to SCO's web site? > > Is this true? Have any other ISPs taken similar action? Can you block access to something that doesn't exist? ; <<>> DiG 9.2.2-P3

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Valdis . Kletnieks
On Sun, 01 Feb 2004 20:00:40 -0200, "Rubens Kuhl Jr." <[EMAIL PROTECTED]> said: > > And by blackholing that IP they've also blackholed www.caldera.com, which is > currently not a DDoS target but is also not responding to requests. Umm,, I'll bite. If www.sco.com and www.caldera.com are on the sa

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Petri Helenius
Randy Bush wrote: so, should they be renamed wanadon't? :-) i.e. what's all this about anyway? what am i supposed to learn from this that i am clearly missing? as far as i know, the actual victim has not asked us to do anything. so i think i'll go shopping for dinner and groceries before the f

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Rubens Kuhl Jr.
Just drop the www.sco.com DNS record, as they did... this particular worm goes after the URL, not the IP it usually had.
>nslookup www.sco.com
*** can't find www.sco.com: Non-existent domain
>nslookup www.caldera.com
Non-authoritative answer:
Name: www.caldera.com
Address: 216.250.128.12

Re: SCO

2004-02-01 Thread Petri Helenius
[EMAIL PROTECTED] wrote: Umm,, I'll bite. If www.sco.com and www.caldera.com are on the same IP, how do you create a DDoS that wouldn't take out the Caldera site as well? A sheer-traffic DDoS will hurt both. A synflood will hurt both. The webserver that's listening on port 80 doesn't know whic

Re: Impending (mydoom) DOS attack

2004-02-01 Thread E.B. Dreger
PG> Date: Sat, 31 Jan 2004 17:04:32 +1100 (EST) PG> From: Phillip Grasso PG> I've implemented a means of distributing the www.sco.com/32 PG> or any other DDoS destination network block around my own PG> AS and blocking it by routing to null on the edge routers. Consider also: Martini tunnels I

RE: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread CHUNIKHIN Igor FTLD
Did go through last time: -Original Message- From: CHUNIKHIN Igor FTLD Sent: Sun 2/1/2004 6:18 PM To: '[EMAIL PROTECTED]'; Sean Donelan Cc: [EMAIL PROTECTED] Subject: RE: Did Wanadoo, French ISP, block access to SCO?

Re: SCO

2004-02-01 Thread Valdis . Kletnieks
e DDoS was already "past tense" a week ago. Not "expecting" or "will be shortly". Draw your own conclusions what happens if the DDoS attack fizzles for any reason, or if Netcraft's stats say a different story, etc... The best commentary I've seen on the whole sorry mess so far: http://ars.userfriendly.org/cartoons/?id=20040201

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Stephen J. Wilcox
So that's 1-0 to the worm! You could do some real cool things if you were controlling the DNS for a site under a major sustained DDoS, who doesn't the intended victim like.. just fire up an A record and they're gone! ;p Btw I'm seeing www.caldera.com disappear into Level3, seems they're down. St

What happened to dot pro ?

2004-02-01 Thread John R Levine
One of the new domains set up in 2002 was .pro, with three initial subdomains .med.pro, .law.pro, and .cpa.pro. They'd register applicants only after checking evidence that they're licensed in the appropriate profession. (Applicant sends state and license number, registry looks them up to be sure

Re: MS is vulnerable

2004-02-01 Thread E.B. Dreger
> Date: Thu, 29 Jan 2004 09:26:05 -0500 (EST) > From: [EMAIL PROTECTED] > This is because your mom doesn't want to have to hire a > technical consultant to manage her IT infrastructure when all > she wants to do is get email pictures of her grandkids. Problem: 1. Even so-called "easy" systems

Re: updated root hints file (fwd)

2004-02-01 Thread bill
> > On Fri, 30 Jan 2004, bill wrote in reply to presumably private mail: > > > I thought the RSSAC site was www.root-servers.org. > > > > root-servers.org is -NOT- the rssac site. > > Your useful official content for today is: > > http://www.icann.org/committees/dns-root/ tha

Re: Outbound Route Optimization

2004-02-01 Thread E.B. Dreger
RAS> Date: Mon, 26 Jan 2004 15:35:28 -0500 RAS> From: Richard A Steenbergen RAS> On Mon, Jan 26, 2004 at 10:58:49AM -0800, Sean Finn wrote: RAS> RAS> > (Quiz for the list readers: RAS> >What percentage of the Internet routing table does RAS> >your network actually use?) Perhaps around

Re: updated root hints file (fwd)

2004-02-01 Thread Randy Bush
let's face it. we should be looking at the front page of the site to find root hints. there we find , which seems to be missing a link to the signed root hints. iana, could you please fix that? thanks. randy

Re: Did Wanadoo, French ISP, block access to SCO?

2004-02-01 Thread Jess Kitchen
On Mon, 2 Feb 2004, Stephen J. Wilcox wrote: > So that's 1-0 to the worm! [snip] > Btw I'm seeing www.caldera.com disappear into Level3, seems they're down. I see the same at the verio/xo handoff - no successful A record lookups either. J. -- Jess Kitchen ^ burstfire.net[works] _$

Re: What happened to dot pro... (BTW)

2004-02-01 Thread J. Oquendo
Anyone can send a spoof through say a misconfigured email server responsible for that TLD say through remixer, posing as someone on that network. Just because someone has some 'nifty' tld means absolutely nothing. If someone truly wants to be held accountable in such fields they could always use

Re: updated root hints file (fwd)

2004-02-01 Thread bill
> > let's face it. we should be looking at the front page > of the site to find root hints. there > we find , which seems > to be missing a link to the signed root hints. used to be there... > iana, could you please fix that?

Re: What happened to dot pro... (BTW)

2004-02-01 Thread John R Levine
> Not to get into an accountability issue here, but in certain professions I > feel digital messages should be signed entirely, I entirely agree, but you need both signatures and verifiable addresses. A PGP or S/MIME signature assures you that the mail definitely came from the address it purport

Re: What happened to dot pro... (BTW)

2004-02-01 Thread Valdis . Kletnieks
On Sun, 01 Feb 2004 21:48:47 EST, John R Levine said: > A PGP or S/MIME signature assures you that the mail definitely came from > the address it purports to come from, but it doesn't tell you whether that > person is who you think it is. That's where limited access domains can > help. Umm... no

Re: What happened to dot pro... (BTW)

2004-02-01 Thread Bradley Dunn
John R Levine wrote: A PGP or S/MIME signature assures you that the mail definitely came from the address it purports to come from, but it doesn't tell you whether that person is who you think it is. That's where limited access domains can help. No actually a PGP signature assures you that a parti

Re: What happened to dot pro... (BTW)

2004-02-01 Thread John R Levine
> an out of band method (phone, in person, business card). I don't see how > a limited access domain helps in binding keys to people, unless the > registrars are going to start acting as CAs as well. Anyone can create a > PGP key with [EMAIL PROTECTED] as an associated email address. The .pro web

Re: SCO blames ISPs for blocking access to web site

2004-02-01 Thread Alexei Roudnev
Wolf was real; Boy was a bad boy; Now he is dead, not because he was eaten by the wolf, but because he decided to hide under the water and suffocate -:) Grand humor! -:) PS. I do not see this virus in our networks (except may be East Europe where I can not see exact data, but I can see traffic