-
August 27th, 2003, 02:09 PM
#21
Well, I'm using IE in Win 98...,
and when I went to that page, the URL in the address bar still displayed http://relays.osirusoft.com.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
August 27th, 2003, 02:14 PM
#22
Originally posted here by instronics
Well, I'm using IE in Win 98...,
and when I went to that page, the URL in the address bar still displayed http://relays.osirusoft.com.
Please accept my apologies - I was obviously talking rot.
Perhaps someone is trying some DNS poisoning or similar.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
August 27th, 2003, 02:18 PM
#23
No need to apologize, you were thinking logically. I have no idea what http://relays.osirusoft.com is supposed to be in the first place, so I really don't know what to expect out of it. I just read here that none of you can load the page. I can. Heh, I guess my Greek ISP rules.
Cheers.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
August 27th, 2003, 02:26 PM
#24
instronics, can you post your traceroute? There may be weird stuff happening.
My traceroute:
6 ae0-51.mp1.London1.Level3.net (212.187.131.1) 21.827 ms 34.123 ms 17.771 ms
7 so-1-0-0.mp1.London2.Level3.net (212.187.128.49) 20.861 ms 19.923 ms 19.523 ms
8 so-1-0-0.bbr1.Washington1.level3.net (212.187.128.138) 101.320 ms 91.332 ms 90.296 ms
9 so-0-0-0.bbr1.LosAngeles1.level3.net (64.159.1.157) 152.076 ms 151.443 ms 154.387 ms
10 unknown.Level3.net (209.247.9.142) 155.831 ms 153.744 ms 154.289 ms
11 6-1.ipcolo1.LosAngeles1.Level3.net (209.244.10.170) 154.419 ms 154.845 ms 167.302 ms
12 unknown.Level3.net (63.208.231.106) 155.018 ms 155.502 ms 154.122 ms
13 192.168.10.42 (192.168.10.42) 163.073 ms 154.978 ms 162.524 ms
14 * 172.18.71.44 (172.18.71.44) 3325.741 ms *
15 * * *
16 * * *
17 * h-67-100-82-82.LSANCA54.covad.net (67.100.82.82) 3412.108 ms *
<edit>
Note the address on line 13 - Not a public IP!
</edit>
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
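Added example, not part of the original thread: a small Python parser that flags RFC 1918 addresses answering on a path that has already crossed public hops, which is the observation made about hop 13 above. The function names are this example's own, and the sample input is the tail of the traceroute posted above.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s")                     # leading hop number
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)" after the hostname

def parse_hops(trace_text):
    """Return [(hop, address, is_rfc1918)] for every responding address."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # wrapped timing fragments, headers
        for addr in ADDR_RE.findall(line):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue                  # looks like an address but is not valid
            hops.append((int(m.group(1)), addr, any(ip in n for n in RFC1918)))
    return hops

def private_hops_on_public_path(trace_text):
    """Flag private hops seen after the first public hop.

    'transit' = public hops follow it; 'tail' = nothing public answered afterwards.
    Private hops before the first public hop (the local LAN) are ignored.
    """
    hops = parse_hops(trace_text)
    public = [i for i, (_, _, priv) in enumerate(hops) if not priv]
    if not public:
        return []
    findings = []
    for i, (hop, addr, priv) in enumerate(hops):
        if priv and i > public[0]:
            findings.append((hop, addr, "transit" if i < public[-1] else "tail"))
    return findings

# Hops 12-17 of the traceroute posted above.
SAMPLE_TRACE = """\
12 unknown.Level3.net (63.208.231.106) 155.018 ms 155.502 ms 154.122 ms
13 192.168.10.42 (192.168.10.42) 163.073 ms 154.978 ms 162.524 ms
14 * 172.18.71.44 (172.18.71.44) 3325.741 ms *
15 * * *
16 * * *
17 * h-67-100-82-82.LSANCA54.covad.net (67.100.82.82) 3412.108 ms *
"""
```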
-
August 27th, 2003, 02:33 PM
#25
This just popped into my mail box. I think it is related:
Some time before 11:30 AM Eastern time, the anti-spam database socks.relays.osirusoft.com run by osirusoft.com seems to have been hacked.
Possibly thousands of innocent system admins then found that email their users sent out was being bounced by users of this database, even though they never spammed, and never ran a 'socks' proxy, and were not in the dialup database (the FTC uses this to protect their ' [email protected]' address!)
I found bogus responses back on innocent IP addresses that seem to have been 'stuffed' into osirusoft.com socks.relays RBL, or an * wildcard has replaced the legit database.
(including the netscreen list at qorbit.net)
The TXT record that responds is: Please stop using relays.osirusoft.com
Looking at news:news.admin.net-abuse.email I see several warnings about using relays.osirusoft.com
This is not surprising, since they run the (popular or un-popular) anti-spam database 'spews' and have been under DDoS and hacker attack for months.
What appears to have happened, is maybe DNS cache poisoning, DNS hijacking, or maybe someone directly compromised the DNS server and edited the database (or one of their secondaries) or, aliens in green suits decided to block all email to anyone using the socks, dialups (and maybe spews) databases?
latest reply:
Osirusoft is not hacked, all indications simply point at Joe being tired of having an outdated DNSBL list. Letting every single query return a positive, labelling everything as listed, is the perfect way to get the needed attention, especially since most Osirusoft users have been unaware of the ongoing DDoS attack.
This is old news in news.admin.net-abuse.email and news.admin.net-abuse.blocklisting. No hacks, but intentional misconfiguration.
As it says, stop using relays.osirusoft.com as a DNSBL since it is outdated and can't be properly updated due to ongoing attacks from spammers.
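Added example, not part of the original thread: a mail-side sanity check for the failure described in the message above, a DNSBL zone that answers "listed" for every query. It relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must never be); the zone name `bl.example`, the stand-in resolvers and the choice to fail open are assumptions of this example.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None                 # NXDOMAIN means "not listed"

def zone_health(zone, resolve=system_resolve):
    """Classify a DNSBL zone using the RFC 5782 test entries."""
    never = resolve(dnsbl_name("127.0.0.1", zone))    # must NOT be listed
    always = resolve(dnsbl_name("127.0.0.2", zone))   # must be listed
    if never is not None:
        return "lists-everything"   # wildcard or catch-all answer
    if always is None:
        return "dead"               # zone no longer answers its own test entry
    return "ok"

def is_listed(ip, zone, resolve=system_resolve):
    """Treat an address as listed only when the zone passes the health check."""
    if zone_health(zone, resolve) != "ok":
        return False                # assumption: fail open rather than bounce mail
    answer = resolve(dnsbl_name(ip, zone))
    return answer is not None and answer.startswith("127.")

# Constructed resolvers standing in for real DNS so the example runs offline.
def wildcard_zone(name):
    """Every query returns a positive, as the message above describes."""
    return "127.0.0.2"

def healthy_zone(name):
    """Lists only the mandatory test entry and one constructed sample address."""
    listed = {"2.0.0.127.bl.example", "7.113.0.203.bl.example"}
    return "127.0.0.2" if name in listed else None
```

In production the health check would run on a schedule and its result would be cached, rather than being repeated for every message.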
-
August 27th, 2003, 03:09 PM
#26
-
August 27th, 2003, 03:32 PM
#27
Already posted on this thread!
http://www.antionline.com/showthread...565#post656565
Please read before posting.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
August 27th, 2003, 04:28 PM
#28
It seems like they are trying to bring this blacklister back to life. Just a little bit ago the message on relays.osirusoft.com was that the site was down because of a drain on resources.
Now I am able to view the site without any issue.
-
August 27th, 2003, 04:33 PM
#29
Originally posted here by mohaughn
Now I am able to view the site without any issue.
What URL are you going to? I am still unable to reach the site.
Cheers:
-
August 27th, 2003, 04:43 PM
#30
Originally posted here by DjM
What URL are you going to? I am still unable to reach the site.
I'm now getting bugzilla!
This has to be DNS poisoning since the results are variable.
Steve
<edit>
Or something very weird is happening with the routing since again traceroute seems to be hitting 192.168.10.42. This is all very odd.
</edit>
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com