Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Something fishy at NetSol again...

  • From: Wayne
  • Date: Wed Dec 30 13:00:11 1998

At 6:02 AM -0500 12/30/98, Steven J. Sobol wrote:
On Tue, Dec 29, 1998 at 10:38:59PM -0700, Rodney Joffe wrote:
I hate co-incidences.
I don't think it's coincidental. Well, maybe it was... Using the default
server that ships with Red Hat Linux's whois, I got that message too. Using
rs8.internic.net, one of the other names in the "hunt group", worked, though.
I think I remember that NetSol was using or experimenting with some dynamic load balancing system to help scale up some of their services. If that work was successful then there may be several hosts behind a load balancer... effectively hidden behind a single IP address which seems to be the driver in the assumption that there's now only one host.

We use sililarly configured infrastructure to deploy most of our services (at Critical Path) and believe me... we've got dozens of hosts with many "hiding" behind single IP addresses...

Just a thought I'd put out there before the ISP community heads to northern Virginia with torches and pitchforks. :-)


At the same time as this story appeared today
http://www.news.com/News/Item/0,4,30366,00.html?st.ne.140.head
whois queries started returning:

*
* WELCOME to InterNIC Registration Services
*
* Sorry, the system load is temporarily too heavy.
*
* Please wait a while and try again.  Thanks
*

It's currently 12:34am EST. and the response is still mostly the same.

A query still needs 5-10 attempts before a server responds.

Dig used to (a couple of weeks ago) show a bunch of servers. Now there
is only 1: 198.41.0.6

Is anyone else having this problem?

Does anyone else have a solution?

We're trying to track down the source of a dos attack, and this kind of
screwing around to find contact data isn't helpful...
The computers are rs[0-8].internic.net. whois.internic.net is supposed to
work too, but I always forget to use it :) and it's not the compiled-in
default in my particular copy of whois.

Recompile whois and set the default host to whois.internic.net and you
may have better luck.

--
Steve Sobol [sjsobol@nacs.net]
Part-time Support Droid [support@nacs.net]
NACS Spaminator [abuse@nacs.net]

Proud resident of Cleveland Heights, Ohio, the coolest place on earth.
http://www.ClevelandHeights.com




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.