RE: fbi.gov weirdness?

From: Crosby, Herbert (OAO-HOU) (hcrosbyat_private)
Date: Fri Oct 12 2001 - 09:14:41 PDT


    yup, I get the same misdirection on doing a LIVE UPDATE of Symantec's
    Norton Anti-Virus program to these sites (liveupdate.symantec.com >>>
    a33.g.akamai.net or 65-65-70-233.deploy.akamaitechnologies.net caught by
    doing "netstat -a" while running) .... makes you wonder if the definitions
    coming via LIVEUPDATE are any good but I do check them against the FTP site
    (different support vendor than http updates) so I know for sure ;-)
    
    -----Original Message-----
    From: Ryan Tucker [mailto:rtuckerat_private]
    Sent: Thursday, October 11, 2001 18:07
    To: cg
    Cc: incidentsat_private
    Subject: Re: fbi.gov weirdness?
    
    
    
    On Thursday, October 11, 2001, at 06:41 , cg wrote:
    
    > Hi All,
    >     I hope I'm posting this to the right list. I'm most likely just paranoid
    > but is there something weird going on with the fbi.gov site?
    > 1. The new warning that they put out was /pressrel/pressrel01/skyfall.htm
    > 2. Then it was changed to /pressrel/pressrel01/101101.htm
    > 3. So after seeing the first url change I tried to go back to skyfall.htm
    > and I got a Not Found error with a
    [...]
    
    Noticed that too.  skyfall.htm is... an interesting reference.
    
    > 4. Now as I look further by looking at DNS at COSTE, UXN and geektools.com I
    > find differing ip addresses. COSTE reports 216.200.14.114, while
    > the two others (which look truer to me) 64.124.161.77.
    >
    > Is anyone else seeing this??
    
    fbi.gov is Akamai'd, which means that it'll come up with a different 
    IP address pretty much everywhere...
    
    [cydonia:~] rtucker% host www.fbi.gov
    www.fbi.gov is a nickname for fbi.edgesuite.net
    fbi.edgesuite.net is a nickname for a33.g.akamai.net
    a33.g.akamai.net has address 208.153.34.215
    a33.g.akamai.net has address 208.153.34.216
    
    [rtucker@puck rtucker]$ host www.fbi.gov
    www.fbi.gov is a nickname for fbi.edgesuite.net
    fbi.edgesuite.net is a nickname for a33.g.akamai.net
    a33.g.akamai.net has address 216.200.14.100
    a33.g.akamai.net has address 216.200.14.114
    
    You can see the same effect (and IPs, most likely) on 
    www.akamai.com.  :-)
    
    Hope this helps.  -rt
    
    --
    Ryan Tucker <rtuckerat_private>
    Network Operations Manager, NetAccess, Inc.
    http://www.netacc.net/ • (716)419-8252
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 09:26:28 PDT
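
Added example (not part of the original messages): a small Python check that parses `host` output from several vantage points and separates the case described in the thread, the same alias chain ending at different addresses, from one where the alias chain itself differs. The function names, the result labels and the third, constructed input are assumptions made for this illustration.

```python
import re

ALIAS = re.compile(r"^(\S+) is (?:a nickname|an alias) for (\S+?)\.?$")
ADDR = re.compile(r"^(\S+) has address (\d{1,3}(?:\.\d{1,3}){3})$")

def resolve(host_output, name):
    """Follow the alias chain for `name`; return (chain, addresses of final name)."""
    aliases, addrs = {}, {}
    for line in host_output.strip().splitlines():
        line = line.strip()
        if m := ALIAS.match(line):
            aliases[m.group(1).lower()] = m.group(2).lower()
        elif m := ADDR.match(line):
            addrs.setdefault(m.group(1).lower(), set()).add(m.group(2))
    chain = [name.lower()]
    while chain[-1] in aliases and aliases[chain[-1]] not in chain:  # stop on alias loops
        chain.append(aliases[chain[-1]])
    return tuple(chain), frozenset(addrs.get(chain[-1], ()))

def compare(name, outputs):
    """Classify how resolutions of `name` from several vantage points relate."""
    results = [resolve(text, name) for text in outputs.values()]
    if len({chain for chain, _ in results}) > 1:
        return "chain-mismatch"  # different canonical names: worth a closer look
    if len({addrs for _, addrs in results}) > 1:
        return "same-chain-different-addresses"  # what a CDN normally produces
    return "consistent"

# The two `host` outputs quoted in the message above.
CYDONIA = """
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 208.153.34.215
a33.g.akamai.net has address 208.153.34.216
"""
PUCK = """
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 216.200.14.100
a33.g.akamai.net has address 216.200.14.114
"""
# Constructed input (not from the thread): no alias chain, documentation-range address.
CONSTRUCTED = "www.fbi.gov has address 192.0.2.10\n"

if __name__ == "__main__":
    print(compare("www.fbi.gov", {"cydonia": CYDONIA, "puck": PUCK}))
    print(compare("www.fbi.gov", {"cydonia": CYDONIA, "other": CONSTRUCTED}))
```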