SANS Site Down?
Results 1 to 10 of 10

Thread: SANS Site Down?

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    SANS Site Down?

    I have tried connecting both from my home PC and from my work PC and even though they use completely different DNS servers www.sans.org is not resolving.

    I am getting the error:

    Unable to determine IP address from host name for www.sans.org

    Is anyone aware of SANS being hacked or DoS'd? Is this some sort of cache poisoning?

    Or- are they just down right now for some reason??

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I get a host unknown from a ping here, their (or their providers) DNS must be down.
    Who is more trustworthy then all of the gurus or Buddha’s?

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Hmm...got some spam from them this morning...kinda wish I hadn't permantly deleted it now...

    Here is what I get (using a regional university as dns server)

    > server ns1.msstate.edu
    Default Server: ns1.msstate.edu
    Address: 130.18.80.12

    > set debug
    > set d2
    > www.sans.org
    Server: ns1.msstate.edu
    Address: 130.18.80.12

    ;; res_nmkquery(QUERY, www.sans.org, IN, A)
    ------------
    SendRequest(), len 30
    HEADER:
    opcode = QUERY, id = 11862, rcode = NOERROR
    header flags: query, want recursion
    questions = 1, answers = 0, authority records = 0, additional = 0

    QUESTIONS:
    www.sans.org, type = A, class = IN

    ------------
    timeout
    timeout
    SendRequest failed


    DNS definitely looks like it is suffering...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Junior Member
    Join Date
    Jul 2003
    Posts
    25
    Works for me, was a little slow loading but it did load.

  5. #5
    Junior Member
    Join Date
    Sep 2001
    Posts
    5
    And this is what I get :

    >While trying to retrieve the URL: http://www.sans.org/

    >The following error was encountered:

    >Unable to determine IP address from host name for www.sans.org
    >The dnsserver returned:

    >Name Error: The domain name does not exist.
    >This means that:

    > The cache was not able to resolve the hostname presented in the URL.
    > Check if the address is correct.

    Something might be wrong.

  6. #6
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I am thinking that are updating the content(good thought) but they could also be being hit with alot of requests and it brought the server down hope it comes back up soon.

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    nebulus200 - heh, I got that same spam from them. It's just something about their webcast this coming Friday. Nothing about problems with the site or DNS.


    FWIW I also cannot get to it from either our west coast or east coast locations. I get an unresolvable address.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  8. #8
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    I am getting there fine, no problems at all. :S

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    Yeah i was able to get to it too. But it was a bit slow.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    according to one of the lists I'm on it looks like maybe register.com lost their databases for one reason or another. Here is a cut-n-paste from the list:

    >gtld's can't seem to point an NS to these domains:
    >
    >[root@mrtg mrtg]# nslookup
    >> server k.gtld-servers.net
    >Default server: k.gtld-servers.net
    >Address: 192.52.178.30#53
    >> set querytype=NS
    >> sans.org
    >Server: k.gtld-servers.net
    >Address: 192.52.178.30#53
    >
    >Non-authoritative answer:
    >*** Can't find sans.org: No answer


    This is ... rather normal. .org is served by *.NSTLD.COM now. .net and .com
    are still served by *.gtld-servers.net.

    It looks like register.com either hosed their database, or hosed records
    while trying to update various records (at the request of the owners or
    someone else, who knows).

    A variety of domains appear affected, sans.org, dhsield.org, incidents.org,
    homepc.org, etc. All .org, all related and sharing infrastructure
    aooerently.

    Right now I'm inclined towards Occam's razor, this is a technical screw
    up/"normal" DNS modification and not something "evil".

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •