Re: [ihc] Interesting find

["Ryan Moore" <baradium@xxxxxxxxxxx>]

----- Original Message ----- 
From: "Richard Welty" <rwelty@domain.elided>
To: "ihc-digest" <ihc@domain.elided>
Sent: Wednesday, June 02, 2004 09:00
Subject: Re: [ihc] Interesting find


> On Tue, 1 Jun 2004 22:58:04 -0500 Ryan Moore <baradium@domain.elided> wrote:
> > From: "Richard Welty" <rwelty@domain.elided>
>
> > > server's up, and / produces the expected result.
what
> > > URL did you enter? alternatively, could the DNS server you're using
have
> > > been hacked?
> > II used the aforementioned URL...
>
> > As far as the DNS server.... <shrug>
>
> > Still seems that other sites would have problems.  I can still send
e-mail
> > to the list and recieve it too. I can still visit other websites no
problem,
> > only problem is trying to visit the digest web page.
>
> not necessarily. DNS cache poisoning can be a pretty insidious and focused
> attack, although why anyone would do that to digest.net is beyond me. in
any
> event, since you told me off list that www.digest.net is mapping to
192.94.170.10,
> that's not the issue, as that is the correct mapping.
>
> who are you using for actual access? do you know if they are doing a web
> proxy thing (transparent or explicit)?
>
> richard

I have no idea why they'd be limiting webpage access to the digest.  I'm
accessing through the MTSU network (high speed connections are fun!),
anyway, honestly, I don't see why they would care at all about me accessing
the digest's web page.  The only things they really get heartburn over are
music download programs (which I don't use) and IRC, which I no longer use,
although it probobly wouldn't matter if I wanted to or not because they try
to detect any new IRC ports and shut them down if someone tries to connect
to IRC through them.

They also flip out about people who don't keep updated on security patches
and antivirus, but I do that too (it's an even bigger deal when you have a
few thousand computers on the network, those worms can really bog down the
network with traffic!)  Those dang worms caused them to put stricter
throttles up on the buildings... not really an issue for me though at the
moment now that most students are gone and I have a building to myself, I'm
still limited by whoever I'm downloading from...   In more background, our
on campus backbones are all high speed fiberoptic connecting the buildings.
The direct connection from there to the individual computers in the
buildings 10/100 for the dorms.  Vanderbilt has given us access to their
Internet2 connection and we upgraded from a few T3s to something else last
year (no idea what it is though).  Generally I'm limited by one of three
things throughout the year, the site I'm connecting to, the throttle, or the
10/100 ethernet, right now it's usually the site connecting to and
occasionally the 10/100... one year left of this connection for me, I'm
really going to miss it when I have to go back to dialup!

I guess the extended explanation isn't really neccessary, but maybe you cans
ee something in the setup.

There is a firewall between my computer on the outside, and on my computer
as well as an additional one at the dorm.  The two outside firewalls are
both incoming and outgoing, they have the ports that those worms like to use
blocked from incoming or outgoing for campus and also incoming or outgoing
from the dorms to stop the spread of them on campus for those who didn't
figure out that they really did need the patches offered.

Does the digest.net home page do anything different from a normal webpage
that might cause the server to choke on it?  Remember, it was fine as recent
as a week ago.

I also notice that I'm still able to send e-mail to digest.net....


Thanks,
Ryan


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.690 / Virus Database: 451 - Release Date: 5/22/04