Actually faster than usual here, probably due to akamai: Non-authoritative answer: www.windowsupdate.com canonical name = windowsupdate.microsoft.nsatc.net. windowsupdate.microsoft.nsatc.net canonical name = windowsupdate.microsoft.com.edgesuite.net. windowsupdate.microsoft.com.edgesuite.net canonical name = a822.cd.akamai.net. Name: a822.cd.akamai.net Address: 166.90.148.198 Name: a822.cd.akamai.net Address: 166.90.148.199 Name: a822.cd.akamai.net Address: 166.90.148.215 Name: a822.cd.akamai.net Address: 166.90.148.233 Name: a822.cd.akamai.net Address: 166.90.148.246 Name: a822.cd.akamai.net Address: 166.90.148.247 Jason Baugher -----Original Message----- From: up@3.am [mailto:up@3.am] Sent: Friday, August 15, 2003 8:46 AM To: Huopio Kauto Cc: 'nanog@merit.edu' Subject: RE: microsoft.com Yeah: 7 sl-gw29-nyc-0-0.sprintlink.net (144.232.13.16) 8.728 ms 8.674 ms 8 sl-ft-10-0.sprintlink.net (144.232.171.90) 12.338 ms 11.911 ms 9 P13-0.NYKCR2.New-york.opentransit.net (193.251.241.30) 37.556 ms 10 P2-0.NYKBB5.New-york.opentransit.net (193.251.241.230) 12.385 ms 11 81.52.249.16 (81.52.249.16) 13.164 ms 19.364 ms 12.446 ms Interestingly, there's no reverse dns for 81.52.249.16 and it shows as being RIPE space...allocated to Akamai...do you suppose this is to minimize embarassment to MS that they would have to use Akamai? On Fri, 15 Aug 2003, Huopio Kauto wrote:
It seems that Microsoft is Akamai'zing as we speak..
--Kauto
Kauto Huopio - kauto.huopio@ficora.fi Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi
-----Original Message----- From: Bryan Heitman [mailto:bryan@bryanheitman.com] Sent: Friday, August 15, 2003 8:48 AM To: nanog@merit.edu Subject: microsoft.com
Several networks I have talked to are reporting they can't get to www.microsoft.com
Has the virus began? anyone?
Bryan
James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ======================================================================== =
nslookup www.windowsupdate.com Server: ns2.nv.cox.net Address: 68.100.16.25 *** ns2.nv.cox.net can't find www.windowsupdate.com: Non-existent host/domain Grisha On Fri, 15 Aug 2003, Jason Baugher wrote:
Actually faster than usual here, probably due to akamai:
Non-authoritative answer: www.windowsupdate.com canonical name = windowsupdate.microsoft.nsatc.net. windowsupdate.microsoft.nsatc.net canonical name = windowsupdate.microsoft.com.edgesuite.net. windowsupdate.microsoft.com.edgesuite.net canonical name = a822.cd.akamai.net. Name: a822.cd.akamai.net Address: 166.90.148.198 Name: a822.cd.akamai.net Address: 166.90.148.199 Name: a822.cd.akamai.net Address: 166.90.148.215 Name: a822.cd.akamai.net Address: 166.90.148.233 Name: a822.cd.akamai.net Address: 166.90.148.246 Name: a822.cd.akamai.net Address: 166.90.148.247
Jason Baugher
-----Original Message----- From: up@3.am [mailto:up@3.am] Sent: Friday, August 15, 2003 8:46 AM To: Huopio Kauto Cc: 'nanog@merit.edu' Subject: RE: microsoft.com
Yeah:
7 sl-gw29-nyc-0-0.sprintlink.net (144.232.13.16) 8.728 ms 8.674 ms 8 sl-ft-10-0.sprintlink.net (144.232.171.90) 12.338 ms 11.911 ms 9 P13-0.NYKCR2.New-york.opentransit.net (193.251.241.30) 37.556 ms 10 P2-0.NYKBB5.New-york.opentransit.net (193.251.241.230) 12.385 ms 11 81.52.249.16 (81.52.249.16) 13.164 ms 19.364 ms 12.446 ms
Interestingly, there's no reverse dns for 81.52.249.16 and it shows as being RIPE space...allocated to Akamai...do you suppose this is to minimize embarassment to MS that they would have to use Akamai?
On Fri, 15 Aug 2003, Huopio Kauto wrote:
It seems that Microsoft is Akamai'zing as we speak..
--Kauto
Kauto Huopio - kauto.huopio@ficora.fi Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi
-----Original Message----- From: Bryan Heitman [mailto:bryan@bryanheitman.com] Sent: Friday, August 15, 2003 8:48 AM To: nanog@merit.edu Subject: microsoft.com
Several networks I have talked to are reporting they can't get to www.microsoft.com
Has the virus began? anyone?
Bryan
James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ======================================================================== =
"Gregory (Grisha) Trubetskoy" wrote:
nslookup www.windowsupdate.com Server: ns2.nv.cox.net Address: 68.100.16.25
*** ns2.nv.cox.net can't find www.windowsupdate.com: Non-existent host/domain
Some news outlets are reporting this is actually Microsoft's plan, http://zdnet.com.com/2100-1105_2-5064433.html [sinp]
-----Original Message----- From: Bryan Heitman [mailto:bryan@bryanheitman.com] Sent: Friday, August 15, 2003 8:48 AM To: nanog@merit.edu Subject: microsoft.com
Several networks I have talked to are reporting they can't get to www.microsoft.com
Has the virus began? anyone?
There apparently was an unrelated DDoS attack on www.microsoft.com, http://www.infoworld.com/article/03/08/15/HNmsfalls_1.html -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com
Crist Clark wrote:
Some news outlets are reporting this is actually Microsoft's plan,
I'm sure Microsoft is aware that many networks are severly pissed off about the extra overhead they are enduring because of this worm. I think my helpdesk said, "Fry 'em." While we'll continue monitoring and cleaning up systems scanning for infections, the DOS side of the worm and variants is rather tame and will be allowed through so long as it meets standard egress/ingress policy. I just can't see a bunch of already employee starved networks devoting more resources just to save Microsoft from their own vulnerability. -Jack
On Fri, Aug 15, 2003 at 06:40:49PM -0500, Jack Bates wrote:
I'm sure Microsoft is aware that many networks are severly pissed off about the extra overhead they are enduring because of this worm. I think my helpdesk said, "Fry 'em." While we'll continue monitoring and cleaning up systems scanning for infections, the DOS side of the worm and variants is rather tame and will be allowed through so long as it meets standard egress/ingress policy. I just can't see a bunch of already employee starved networks devoting more resources just to save Microsoft from their own vulnerability.
Having dealt with many very annoying vulnerabilities in the past like this (The numerous CodeRed varients/Nimda, Slammer, this), I'm fed up of it. To the point where it doesn't hurt my network, hurt other people, or cause me an increase in costs, I won't be going out of my way to defend MS. Frankly, it might be the only way they'll learn. Imaging the havok if every Windows virus tried to attack MS. -- Avleen Vig Systems Administrator Personal: www.silverwraith.com
On Fri, 15 Aug 2003 17:46:56 PDT, Avleen Vig said:
To the point where it doesn't hurt my network, hurt other people, or cause me an increase in costs, I won't be going out of my way to defend MS. Frankly, it might be the only way they'll learn. Imaging the havok if every Windows virus tried to attack MS.
Well, the majority of the recent worms have gotten loose on MS's corporate net and caused enough disruption to make the news, and there was the time that windowsupdate.microsoft.com got nailed by CodeRed... Oh.. wait.. you meant *intentionally* tried to attack....
*** ns2.nv.cox.net can't find www.windowsupdate.com: Non-existent host/domain
Some news outlets are reporting this is actually Microsoft's plan,
Sure it was, and it's probably the best thing MS could have done (for themselves AND the larger Internet) given the circumstances. After all, infected systems aren't going to stop scanning and DOS attacks from a huge number of compromised hosts targeting windowsupdate.com IPs is simply going to result in increased network utilization for a bunch of garbage traffic that'll either be dropped as a result of congestion on some networks, blackholed on others (from the folks that care no more about MS being DOS attacked then the next guy, but do care about their networks availability and the Internet in general), or hit some severely crippled server(s). MS has bugs, sure, and there's probably no excuse for lots of them. However, it could have been linux or any other OS. Folks give MS a hard time for the same reason they give Cisco a hard time -- because their products are nearly ubiquitous. I'm not going to dive into some huge rant here (others have articulated this point nicely already), some folks are much more passionate than I about the issue and I don't care to spend the cycles arguing something I care little about. MS isn't going away any time soon, like it or not, and the only way problems of this sort (that have been disclosed) are going to be cleanly resolved is by end users patching their systems. -danny PS: If folks are going to rant about MS products being horrible they might want to consider using non-MS products and posting to NANOG from non-MS mail clients/systems *8^).
participants (7)
-
Avleen Vig
-
Crist Clark
-
Danny McPherson
-
Gregory (Grisha) Trubetskoy
-
Jack Bates
-
Jason Baugher
-
Valdis.Kletnieks@vt.edu