RE: fbi.gov weirdness?

From: Crosby, Herbert (OAO-HOU) (hcrosbyat_private)
Date: Fri Oct 12 2001 - 09:14:41 PDT

Next message: Michael B. Morell: "RE: fbi.gov weirdness?"

Previous message: Rob Keown: "RE: fbi.gov weirdness?"
Maybe in reply to: cg: "fbi.gov weirdness?"
Next in thread: Michael B. Morell: "RE: fbi.gov weirdness?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

yup, I get the same miss direction on doing a LIVE UPDATE of Symantec's
Norton Anti-Virus program to these sites (liveudpate.symantec.com >>>
a33.g.akamai.net or 65-65-70-233.deploy.akamaitechnologies.net caught by
doing "netstat -a" while running) .... makes you wonder if the definitions
coming via LIVEUPDATE are any good but I do check them against the FTP site
(different support vendor than http updates) so I know for sure ;-)

-----Original Message-----
From: Ryan Tucker [mailto:rtuckerat_private]
Sent: Thursday, October 11, 2001 18:07
To: cg
Cc: incidentsat_private
Subject: Re: fbi.gov weirdness?



On Thursday, October 11, 2001, at 06:41 , cg wrote:

> Hi All,
>     I hope I'm posting this to the right list. I'm most likely just 
> paranoid
> but is there something weird going on with the fbi.gov site?
> 1. The new warning that they put out was 
> /pressrel/pressrel01/skyfall.htm
> 2. Then it was changed to /pressrel/pressrel01/101101.htm
> 3. So after seeing the first url change I tried to go back to 
> skyfall.htm
> and I got a Not Found error with a
[...]

Noticed that too.  skyfall.htm is... an interesting reference.

> 4. Now as I look further by looking at DNS at COSTE, UXN and 
> geektools.com I
> find differing ip             addresses. COSTE reports 
> 216.200.14.114, while
> the two others (which look truer to me)                     
> 64.124.161.77.
>
> Is anyone else seeing this??

fbi.gov is Akamai'd, which means that it'll come up with a different 
IP address pretty much everywhere...

[cydonia:~] rtucker% host www.fbi.gov
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 208.153.34.215
a33.g.akamai.net has address 208.153.34.216

[rtucker@puck rtucker]$ host www.fbi.gov
www.fbi.gov is a nickname for fbi.edgesuite.net
fbi.edgesuite.net is a nickname for a33.g.akamai.net
a33.g.akamai.net has address 216.200.14.100
a33.g.akamai.net has address 216.200.14.114

You can see the same effect (and IP's, most likely) on 
www.akamai.com.  :-)

Hope this helps.  -rt

--
Ryan Tucker <rtuckerat_private>
Network Operations Manager, NetAccess, Inc.
http://www.netacc.net/ • (716)419-8252

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Michael B. Morell: "RE: fbi.gov weirdness?"
Previous message: Rob Keown: "RE: fbi.gov weirdness?"
Maybe in reply to: cg: "fbi.gov weirdness?"
Next in thread: Michael B. Morell: "RE: fbi.gov weirdness?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 09:26:28 PDT