RE: fbi.gov weirdness?

From: Michael B. Morell (MMorellat_private)
Date: Fri Oct 12 2001 - 09:40:09 PDT

  • Next message: Alfred Huger: "Departure from the list - new moderators"

    Just for clarification.....
    
    I have been monitoring the posts for this subject and have noticed allot of
    talk about misdirecting to akamai.net
    
    As I am sure some of you out there are aware, Akamai is a service provider
    that enables the distribution of information.
    They use a distributed DNS model based on networks/where you are coming
    from.  Allot of companies and organizations out there like (symantec, nai,
    yahoo and the gov) use Akamai's services.
    
    The reason I am posting is because I don't want people to start thinking
    that things are being redirected "unlawfully" when there is a logical
    explanation of what is going on.  I don't work for akamai, so this is not a
    advertisement.  I am just aware of what they do and how it is achieved.
    
    If you have any questions regarding how akamai's technology works, I urge
    you to visit their site.  www.akamai.com
    But again, just for the record, what you are seeing is the behavior that is
    expected and should not be cause for alarm.
    
    Michael B. Morell
    Network Operations Administrator
    Visual Data Corporation
    
    <--The statements made above do not reflect my employers position nor should
    be construed as such-->
    
    -----Original Message-----
    From: Crosby, Herbert (OAO-HOU) [mailto:hcrosbyat_private]
    Sent: Friday, October 12, 2001 12:15 PM
    To: 'Ryan Tucker'; cg
    Cc: incidentsat_private
    Subject: RE: fbi.gov weirdness?
    
    
    yup, I get the same miss direction on doing a LIVE UPDATE of Symantec's
    Norton Anti-Virus program to these sites (liveudpate.symantec.com >>>
    a33.g.akamai.net or 65-65-70-233.deploy.akamaitechnologies.net caught by
    doing "netstat -a" while running) .... makes you wonder if the definitions
    coming via LIVEUPDATE are any good but I do check them against the FTP site
    (different support vendor than http updates) so I know for sure ;-)
    
    -----Original Message-----
    From: Ryan Tucker [mailto:rtuckerat_private]
    Sent: Thursday, October 11, 2001 18:07
    To: cg
    Cc: incidentsat_private
    Subject: Re: fbi.gov weirdness?
    
    
    
    On Thursday, October 11, 2001, at 06:41 , cg wrote:
    
    > Hi All,
    >     I hope I'm posting this to the right list. I'm most likely just 
    > paranoid
    > but is there something weird going on with the fbi.gov site?
    > 1. The new warning that they put out was 
    > /pressrel/pressrel01/skyfall.htm
    > 2. Then it was changed to /pressrel/pressrel01/101101.htm
    > 3. So after seeing the first url change I tried to go back to 
    > skyfall.htm
    > and I got a Not Found error with a
    [...]
    
    Noticed that too.  skyfall.htm is... an interesting reference.
    
    > 4. Now as I look further by looking at DNS at COSTE, UXN and 
    > geektools.com I
    > find differing ip             addresses. COSTE reports 
    > 216.200.14.114, while
    > the two others (which look truer to me)                     
    > 64.124.161.77.
    >
    > Is anyone else seeing this??
    
    fbi.gov is Akamai'd, which means that it'll come up with a different 
    IP address pretty much everywhere...
    
    [cydonia:~] rtucker% host www.fbi.gov
    www.fbi.gov is a nickname for fbi.edgesuite.net
    fbi.edgesuite.net is a nickname for a33.g.akamai.net
    a33.g.akamai.net has address 208.153.34.215
    a33.g.akamai.net has address 208.153.34.216
    
    [rtucker@puck rtucker]$ host www.fbi.gov
    www.fbi.gov is a nickname for fbi.edgesuite.net
    fbi.edgesuite.net is a nickname for a33.g.akamai.net
    a33.g.akamai.net has address 216.200.14.100
    a33.g.akamai.net has address 216.200.14.114
    
    You can see the same effect (and IP's, most likely) on 
    www.akamai.com.  :-)
    
    Hope this helps.  -rt
    
    --
    Ryan Tucker <rtuckerat_private>
    Network Operations Manager, NetAccess, Inc.
    http://www.netacc.net/  (716)419-8252
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 09:43:05 PDT