Just for clarification..... I have been monitoring the posts for this subject and have noticed allot of talk about misdirecting to akamai.net As I am sure some of you out there are aware, Akamai is a service provider that enables the distribution of information. They use a distributed DNS model based on networks/where you are coming from. Allot of companies and organizations out there like (symantec, nai, yahoo and the gov) use Akamai's services. The reason I am posting is because I don't want people to start thinking that things are being redirected "unlawfully" when there is a logical explanation of what is going on. I don't work for akamai, so this is not a advertisement. I am just aware of what they do and how it is achieved. If you have any questions regarding how akamai's technology works, I urge you to visit their site. www.akamai.com But again, just for the record, what you are seeing is the behavior that is expected and should not be cause for alarm. Michael B. Morell Network Operations Administrator Visual Data Corporation <--The statements made above do not reflect my employers position nor should be construed as such--> -----Original Message----- From: Crosby, Herbert (OAO-HOU) [mailto:hcrosbyat_private] Sent: Friday, October 12, 2001 12:15 PM To: 'Ryan Tucker'; cg Cc: incidentsat_private Subject: RE: fbi.gov weirdness? yup, I get the same miss direction on doing a LIVE UPDATE of Symantec's Norton Anti-Virus program to these sites (liveudpate.symantec.com >>> a33.g.akamai.net or 65-65-70-233.deploy.akamaitechnologies.net caught by doing "netstat -a" while running) .... makes you wonder if the definitions coming via LIVEUPDATE are any good but I do check them against the FTP site (different support vendor than http updates) so I know for sure ;-) -----Original Message----- From: Ryan Tucker [mailto:rtuckerat_private] Sent: Thursday, October 11, 2001 18:07 To: cg Cc: incidentsat_private Subject: Re: fbi.gov weirdness? On Thursday, October 11, 2001, at 06:41 , cg wrote: > Hi All, > I hope I'm posting this to the right list. I'm most likely just > paranoid > but is there something weird going on with the fbi.gov site? > 1. The new warning that they put out was > /pressrel/pressrel01/skyfall.htm > 2. Then it was changed to /pressrel/pressrel01/101101.htm > 3. So after seeing the first url change I tried to go back to > skyfall.htm > and I got a Not Found error with a [...] Noticed that too. skyfall.htm is... an interesting reference. > 4. Now as I look further by looking at DNS at COSTE, UXN and > geektools.com I > find differing ip addresses. COSTE reports > 216.200.14.114, while > the two others (which look truer to me) > 64.124.161.77. > > Is anyone else seeing this?? fbi.gov is Akamai'd, which means that it'll come up with a different IP address pretty much everywhere... [cydonia:~] rtucker% host www.fbi.gov www.fbi.gov is a nickname for fbi.edgesuite.net fbi.edgesuite.net is a nickname for a33.g.akamai.net a33.g.akamai.net has address 208.153.34.215 a33.g.akamai.net has address 208.153.34.216 [rtucker@puck rtucker]$ host www.fbi.gov www.fbi.gov is a nickname for fbi.edgesuite.net fbi.edgesuite.net is a nickname for a33.g.akamai.net a33.g.akamai.net has address 216.200.14.100 a33.g.akamai.net has address 216.200.14.114 You can see the same effect (and IP's, most likely) on www.akamai.com. :-) Hope this helps. -rt -- Ryan Tucker <rtuckerat_private> Network Operations Manager, NetAccess, Inc. http://www.netacc.net/ • (716)419-8252 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 09:43:05 PDT