although this has to do with spam, i think folks will agree that there's operational content here:

relays.osirusoft.com is down, it's history, stop using it.

it is currently returning 127.0.0.2 for everything, so if you're using it, you won't receive this, but at least those who don't use it will know what to say when the issue comes up.

richard
--
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Yo Richard!

returning 127.0.0.2 for everything would be an ugly way to bow out.

I am just seeing timeouts for XXX.relays.osirusoft.com now.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

On Tue, 26 Aug 2003, Richard Welty wrote:

> relays.osirusoft.com is down, it's history, stop using it.
>
> it is currently returning 127.0.0.2 for everything, so if you're using it, you won't receive this, but at least those who don't use it will know what to say when the issue comes up.
On Tue, 26 Aug 2003 15:25:46 -0700 (PDT) "Gary E. Miller" <gem@rellim.com> wrote:

> returning 127.0.0.2 for everything would be an ugly way to bow out.

yes, but it's been done before.

> I am just seeing timeouts for XXX.relays.osirusoft.com now.

there has been a heavy DOS in progress against a couple of prominent anti-spammers for a week or so now, Joe Jared/Osirusoft is one of them.

richard
--
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
In the immortal words of Richard Welty (rwelty@averillpark.net):

> On Tue, 26 Aug 2003 15:25:46 -0700 (PDT) "Gary E. Miller" <gem@rellim.com> wrote:
> > returning 127.0.0.2 for everything would be an ugly way to bow out.
>
> yes, but it's been done before.

And oddly enough, it was a terrible idea the first time, and hasn't gotten any better in the intervening months.

I suppose going down in a blaze of glory might be appealing in the sleep-deprived haze of the tail end of a multi-week DDOS attack, but PLEASE. Null-route the netblock and be done with it. Returning 127.0.0.2 for every query does NOTHING but convince more people that volunteer blacklist providers like SPEWS are more trouble than they're worth.

-n
------------------------------------------------------------<memory@blank.org> "Must I pray in Hebrew?" No, and wipe that look of terror off your face. Fluency in Hebrew, of course, is vital to the proper understanding of Israeli truck driver insults. (--David Bader, "How to Be an Extremely Reform Jew") <http://blank.org/memory/>----------------------------------------------------
IIRC, it was Ron Guilmette who did this for a BL zone he was operating a long time ago, but it happened six months or so after he had deactivated the zone and was still getting numerous queries for it. So he reactivated the zone, answering 127.0.0.2 for every query, to get those people to stop. He also posted his intentions to SPAM-L and NANAE at least a few weeks in advance.

Still a BOFHish move, but at least there was plenty of warning.

-C

On Wed, Aug 27, 2003 at 01:36:54PM -0400, Nathan J. Mehl wrote:

> In the immortal words of Richard Welty (rwelty@averillpark.net):
> > On Tue, 26 Aug 2003 15:25:46 -0700 (PDT) "Gary E. Miller" <gem@rellim.com> wrote:
> > > returning 127.0.0.2 for everything would be an ugly way to bow out.
> >
> > yes, but it's been done before.
>
> And oddly enough, it was a terrible idea the first time, and hasn't gotten any better in the intervening months. I suppose going down in a blaze of glory might be appealing in the sleep-deprived haze of the tail end of a multi-week DDOS attack, but PLEASE. Null-route the netblock and be done with it. Returning 127.0.0.2 for every query does NOTHING but convince more people that volunteer blacklist providers like SPEWS are more trouble than they're worth.
>
> -n
> ------------------------------------------------------------<memory@blank.org> "Must I pray in Hebrew?" No, and wipe that look of terror off your face. Fluency in Hebrew, of course, is vital to the proper understanding of Israeli truck driver insults. (--David Bader, "How to Be an Extremely Reform Jew") <http://blank.org/memory/>----------------------------------------------------
On Wed, 27 Aug 2003 13:36:54 -0400 "Nathan J. Mehl" <memory-nanog@blank.org> wrote:

> In the immortal words of Richard Welty (rwelty@averillpark.net):
> > On Tue, 26 Aug 2003 15:25:46 -0700 (PDT) "Gary E. Miller" <gem@rellim.com> wrote:
> > > returning 127.0.0.2 for everything would be an ugly way to bow out.
> >
> > yes, but it's been done before.
>
> And oddly enough, it was a terrible idea the first time, and hasn't gotten any better in the intervening months. I suppose going down in a blaze of glory might be appealing in the sleep-deprived haze of the tail end of a multi-week DDOS attack, but PLEASE.

hey, i agree, i'm just the messenger here.

richard
--
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
"Gary E. Miller" wrote:
> Yo Richard!
>
> returning 127.0.0.2 for everything would be an ugly way to bow out.
>
> I am just seeing timeouts for XXX.relays.osirusoft.com now.

I'm seeing timeout issues too, which would match with DoS attacks. But in my logs I see,

Aug 26 01:17:51 aurora named[284]: [ID 866145 daemon.info] lame server resolving '130.38.76.211.relays.osirusoft.com' (in 'relays.osirusoft.COM'?): 127.0.0.1#53

(That's PDT), and in my cache I see,

$ dig relays.osirusoft.com ns

; <<>> DiG 9.2.2 <<>> relays.osirusoft.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59238
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;relays.osirusoft.com. IN NS

;; ANSWER SECTION:
relays.osirusoft.com. 33863 IN NS ns2-relays.osirusoft.com.
relays.osirusoft.com. 33863 IN NS ns1-relays.osirusoft.com.

;; ADDITIONAL SECTION:
ns1-relays.osirusoft.com. 33863 IN A 127.0.0.1

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 26 15:49:15 2003
;; MSG SIZE rcvd: 104

--
Crist J. Clark crist.clark@globalstar.com
Hello

; <<>> DiG 9.2.0 <<>> relays.osirusoft.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39308
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;relays.osirusoft.com. IN TXT

;; ANSWER SECTION:
relays.osirusoft.com. 86384 IN TXT "Please stop using relays.osirusoft.com"

;; AUTHORITY SECTION:
osirusoft.com. 86384 IN NS ns2.osirusoft.com.
osirusoft.com. 86384 IN NS ns3.osirusoft.com.
osirusoft.com. 86384 IN NS ns4.osirusoft.com.
osirusoft.com. 86384 IN NS ns1.osirusoft.com.

On Tue, 26 Aug 2003, Crist Clark wrote:

> Date: Tue, 26 Aug 2003 15:55:10 -0700
> From: Crist Clark <crist.clark@globalstar.com>
> To: Gary E. Miller <gem@rellim.com>
> Cc: Richard Welty <rwelty@averillpark.net>, nanog@merit.edu
> Subject: Re: relays.osirusoft.com
>
> "Gary E. Miller" wrote:
> > Yo Richard!
> >
> > returning 127.0.0.2 for everything would be an ugly way to bow out.
> >
> > I am just seeing timeouts for XXX.relays.osirusoft.com now.
>
> I'm seeing timeout issues too, which would match with DoS attacks. But in my logs I see,
>
> Aug 26 01:17:51 aurora named[284]: [ID 866145 daemon.info] lame server resolving '130.38.76.211.relays.osirusoft.com' (in 'relays.osirusoft.COM'?): 127.0.0.1#53
>
> (That's PDT), and in my cache I see,
>
> $ dig relays.osirusoft.com ns
>
> ; <<>> DiG 9.2.2 <<>> relays.osirusoft.com ns
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59238
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;relays.osirusoft.com. IN NS
>
> ;; ANSWER SECTION:
> relays.osirusoft.com. 33863 IN NS ns2-relays.osirusoft.com.
> relays.osirusoft.com. 33863 IN NS ns1-relays.osirusoft.com.
>
> ;; ADDITIONAL SECTION:
> ns1-relays.osirusoft.com. 33863 IN A 127.0.0.1
>
> ;; Query time: 7 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Aug 26 15:49:15 2003
> ;; MSG SIZE rcvd: 104
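
Added example, not part of the original thread or written by any of its participants: a mail-server-side health check that notices when a DNSBL zone starts answering for everything (the failure discussed above) or stops answering at all, and fails open instead of rejecting all mail. It relies on the test-entry convention later written down in RFC 5782 (127.0.0.2 is always listed, 127.0.0.1 never is); the function names and the states they return are assumptions made for this sketch.

```python
import socket

PROBE_MUST_BE_ABSENT = "127.0.0.1"  # RFC 5782: a DNSBL must never list this
PROBE_MUST_BE_LISTED = "127.0.0.2"  # RFC 5782: a DNSBL must always list this

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (the form seen in the named log line)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Default resolver: A record as text, None on NXDOMAIN, TimeoutError for anything else."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise TimeoutError(name) from exc

def zone_state(zone, lookup=system_lookup):
    """Classify a DNSBL zone from the two probe addresses."""
    try:
        absent = lookup(dnsbl_name(PROBE_MUST_BE_ABSENT, zone))
        listed = lookup(dnsbl_name(PROBE_MUST_BE_LISTED, zone))
    except OSError:                 # TimeoutError is an OSError: timeouts, lame delegation
        return "unreachable"
    if absent is not None:
        return "lists-everything"   # wildcard answer: every sender would be rejected
    if listed is None:
        return "empty"              # zone answers, but its test entry is gone
    return "healthy"

def is_listed(ip, zone, lookup=system_lookup):
    """Fail open: trust a listing only while the zone itself probes healthy."""
    if zone_state(zone, lookup) != "healthy":
        return False
    try:
        return lookup(dnsbl_name(ip, zone)) is not None
    except OSError:
        return False
```

In a real mail server the result of zone_state() would be cached and refreshed on a timer rather than probed for every message, with an alert raised whenever it leaves "healthy".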
participants (6)
- Chris Woodfield
- Crist Clark
- Gary E. Miller
- michael
- Nathan J. Mehl
- Richard Welty