North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Something fishy at NetSol again...

  • From: Steven J. Sobol
  • Date: Wed Dec 30 07:10:07 1998

On Tue, Dec 29, 1998 at 10:38:59PM -0700, Rodney Joffe wrote:
> I hate co-incidences.

I don't think it's coincidental. Well, maybe it was... Using the default
server that ships with Red Hat Linux's whois, I got that message too. Using
rs8.internic.net, one of the other names in the "hunt group", worked, though.
 
> At the same time as this story appeared today
> http://www.news.com/News/Item/0,4,30366,00.html?st.ne.140.head
> whois queries started returning:
> 
> *
> * WELCOME to InterNIC Registration Services 
> *
> * Sorry, the system load is temporarily too heavy.
> *
> * Please wait a while and try again.  Thanks
> *
> 
> It's currently 12:34am EST. and the response is still mostly the same.
> 
> A query still needs 5-10 attempts before a server responds.
> 
> Dig used to (a couple of weeks ago) show a bunch of servers. Now there
> is only 1: 198.41.0.6
> 
> Is anyone else having this problem?
> 
> Does anyone else have a solution?
> 
> We're trying to track down the source of a dos attack, and this kind of
> screwing around to find contact data isn't helpful...

The computers are rs[0-8].internic.net. whois.internic.net is supposed to
work too, but I always forget to use it :) and it's not the compiled-in
default in my particular copy of whois.

Recompile whois and set the default host to whois.internic.net and you
may have better luck.

-- 
Steve Sobol [[email protected]]
Part-time Support Droid [[email protected]]
NACS Spaminator [[email protected]]

Proud resident of Cleveland Heights, Ohio, the coolest place on earth.
http://www.ClevelandHeights.com