although this has to do with spam, i think folks will agree that there's
operational content here:
relays.osirusoft.com is down, it's history, stop using it.
it is currently returning 127.0.0.2 for everything, so if you're using it,
you won't receive this, but at least those who don't use it will know what
to say when the issue comes up.
richard
Yo Richard!
returning 127.0.0.2 for everything would be an ugly way to bow out.
I am just seeing timeouts for XXX.relays.osirusoft.com now.
RGDS
GARY
> returning 127.0.0.2 for everything would be an ugly way to bow out.
yes, but it's been done before.
> I am just seeing timeouts for XXX.relays.osirusoft.com now.
there has been a heavy DOS in progress against a couple of prominent
anti-spammers for a week or so now, Joe Jared/Osirusoft is one of them.
richard
"Gary E. Miller" wrote:
> Yo Richard!
> returning 127.0.0.2 for everything would be an ugly way to bow out.
> I am just seeing timeouts for XXX.relays.osirusoft.com now.
I'm seeing timeout issues too, which would match with DoS attacks. But
in my logs I see,
Aug 26 01:17:51 aurora named[284]: [ID 866145 daemon.info] lame server resolving '130.38.76.211.relays.osirusoft.com' (in 'relays.osirusoft.COM'?): 127.0.0.1#53
(That's PDT), and in my cache I see,
$ dig relays.osirusoft.com ns
; <<>> DiG 9.2.2 <<>> relays.osirusoft.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59238
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;relays.osirusoft.com. IN NS
;; ANSWER SECTION:
relays.osirusoft.com. 33863 IN NS ns2-relays.osirusoft.com.
relays.osirusoft.com. 33863 IN NS ns1-relays.osirusoft.com.
;; ADDITIONAL SECTION:
ns1-relays.osirusoft.com. 33863 IN A 127.0.0.1
;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 26 15:49:15 2003
;; MSG SIZE rcvd: 104
Hello
; <<>> DiG 9.2.0 <<>> relays.osirusoft.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39308
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;relays.osirusoft.com. IN TXT
;; ANSWER SECTION:
relays.osirusoft.com. 86384 IN TXT "Please stop using relays.osirusoft.com"
;; AUTHORITY SECTION:
osirusoft.com. 86384 IN NS ns2.osirusoft.com.
osirusoft.com. 86384 IN NS ns3.osirusoft.com.
osirusoft.com. 86384 IN NS ns4.osirusoft.com.
osirusoft.com. 86384 IN NS ns1.osirusoft.com.
In the immortal words of Richard Welty (rwelty@averillpark.net):
> > returning 127.0.0.2 for everything would be an ugly way to bow out.
> yes, but it's been done before.
And oddly enough, it was a terrible idea the first time, and hasn't
gotten any better in the intervening months. I suppose going down in
a blaze of glory might be appealing in the sleep-deprived haze of the
tail end of a multi-week DDOS attack, but PLEASE. Null-route the
netblock and be done with it. Returning 127.0.0.2 for every query
does NOTHING but convince more people that volunteer blacklist
providers like SPEWS are more trouble than they're worth.
-n
------------------------------------------------------------<memory@blank.org>
"Must I pray in Hebrew?" No, and wipe that look of terror off your face.
Fluency in Hebrew, of course, is vital to the proper understanding of Israeli
truck driver insults. (--David Bader, "How to Be an Extremely Reform Jew")
<http://blank.org/memory/>----------------------------------------------------
IIRC, it was Ron Guilmette who did this for a BL zone he was operating a long time ago,
but it happened six months or so after he had deactivated the zone and was still
getting numerous queries for it. So he reactivated the zone, answering 127.0.0.2 for
every query, to get those people to stop. He also posted his intentions to SPAM-L
and NANAE at least a few weeks in advance. Still a BOFHish move, but at least there was
plenty of warning.
-C
hey, i agree, i'm just the messenger here.
richard
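
An added example, not part of the thread: a health check a mail operator can run against each configured DNSBL zone to catch the failure modes discussed above (a zone answering for every query, or only timing out) before the MTA acts on them. It assumes the zone follows the RFC 5782 test-entry convention (127.0.0.2 listed, 127.0.0.1 never listed); the zone name `dnsbl.example` and the fake resolvers are constructed for the demonstration.

```python
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.rstrip(".")

def system_lookup(name):
    """Return the A records for name, [] if it does not exist.
    Timeouts and server failures propagate as OSError (socket.gaierror)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        no_answer = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.errno in no_answer:
            return []
        raise
    return sorted({info[4][0] for info in infos})

def check_zone(zone, lookup=system_lookup):
    """Classify a DNSBL zone using the RFC 5782 test entries (assumed convention)."""
    try:
        must_be_absent = lookup(dnsbl_name("127.0.0.1", zone))
        must_be_listed = lookup(dnsbl_name("127.0.0.2", zone))
    except OSError:
        return "unreachable"        # timeouts or lame delegation
    if must_be_absent:
        return "lists-everything"   # wildcard answer: every sender looks listed
    if not must_be_listed:
        return "empty"              # zone answers, but the test entry is gone
    return "ok"

# Constructed resolvers standing in for the DNS behaviours described in the thread.
def healthy(name):
    return ["127.0.0.2"] if name.startswith("2.0.0.127.") else []

def wildcard(name):
    return ["127.0.0.2"]            # answers 127.0.0.2 for every query

def timing_out(name):
    raise TimeoutError("no response from any nameserver")

def emptied(name):
    return []

if __name__ == "__main__":
    for label, fake in [("healthy", healthy), ("wildcard", wildcard),
                        ("timing out", timing_out), ("emptied", emptied)]:
        print(f"{label:11s} -> {check_zone('dnsbl.example', lookup=fake)}")
```

Run with the default `system_lookup` from cron against the zones actually configured in the MTA, and alert on any result other than `ok`.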