[Outages-discussion] [outages] Is UPS.COM down

L.T. Easterly corqpub at gmail.com
Sun Sep 4 23:13:50 EDT 2011


FWIW, my NSLookup via Google's DNS 8.8.8.8 has been accurate since realizing
I wasn't seeing the defacement earlier today:

via twitter: " RT @F4ls3Blu3 Netnames.co.uk <<<< Owned L O L "

Currently from my home connection and using Google's DNS servers, this
subverts seeing the hijacked edition of any of the affected sites. Many
sites that continued to update the correct record may have mitigated the
spread of the bad records. I'm looking forward to what tomorrow's news cycle
makes of this.

I'm assuming that the UK server may not have proliferated the record far
(interesting that most were US-hosted sites, but attack launched via a UK
DNS server, so, better luck next time, attackers.)




On Sep 4, 2011 9:28 PM, "Josh Luthman" <josh at imaginenetworksllc.com> wrote:
>
> DNS Cache.
>
>
> http://en.wikipedia.org/wiki/Domain_Name_System#Recursive_and_caching_name_server
>
> In other words, the web server is not down but the DNS records are
> broken.  To get around the broken part you can do as was suggested and edit
> your hosts file (used before your DNS server, usually).
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Sun, Sep 4, 2011 at 9:09 PM, Jeremy Chadwick <outages at jdc.parodius.com> wrote:
>>
>> This response makes absolutely no sense with regards to the information
>> I provided.  Also, "cash server"?  End of thread for me.
>>
>> --
>> | Jeremy Chadwick                                jdc at parodius.com |
>> | Parodius Networking                       http://www.parodius.com/ |
>> | UNIX Systems Administrator                   Mountain View, CA, US |
>> | Making life hard for others since 1977.               PGP 4BD6C0CB |
>>
>> On Sun, Sep 04, 2011 at 08:00:33PM -0500, Mark Kierzkowski wrote:
>> > You can create a local record on your DNS server for ups.com for now
>> > till their registrar fixes it.
>> >
>> > Here is dns record from Comcast cash servers for ups.com
>> >
>> > ups.com
>> > Non-authoritative answer:
>> > Name:    ups.com
>> > Addresses:  153.2.224.50, 153.2.228.50
>> >
>> >
>> >
>> >
>> > --------------------------
>> > Thanks.
>> > Mark Kierzkowski
>> >
>> > ----- Original Message -----
>> > From: Jeremy Chadwick [mailto:outages at jdc.parodius.com]
>> > Sent: Sunday, September 04, 2011 07:42 PM
>> > To: Mark Kierzkowski
>> > Cc: outages at outages.org <outages at outages.org>
>> > Subject: Re: [outages] Is UPS.COM down
>> >
>> > Which DNS servers?  It looks to me like nsa.ups.com and nsb.ups.com work
>> > fine.  I didn't care to try the AT&T and Sprint authoritative NSes.
>> > Below is validation.
>> >
>> > My workplace relies heavily on UPS's web-based XML API for package
>> > status and tracking details, and none of our real-time monitoring has
>> > alerted for DNS issues or anything else pertaining to UPS today.
>> >
>> >
>> >
>> > $ dig @a.gtld-servers.net ns ups.com.
>> >
>> > ; <<>> DiG 9.6.-ESV-R5 <<>> @a.gtld-servers.net ns ups.com.
>> > ; (1 server found)
>> > ;; global options: +cmd
>> > ;; Got answer:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22371
>> > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6
>> > ;; WARNING: recursion requested but not available
>> >
>> > ;; QUESTION SECTION:
>> > ;ups.com.                       IN      NS
>> >
>> > ;; AUTHORITY SECTION:
>> > ups.com.                172800  IN      NS      nsa.ups.com.
>> > ups.com.                172800  IN      NS      nsb.ups.com.
>> > ups.com.                172800  IN      NS      cbru.br.ns.els-gms.att.net.
>> > ups.com.                172800  IN      NS      cmtu.mt.ns.els-gms.att.net.
>> > ups.com.                172800  IN      NS      ns1-auth.sprintlink.net.
>> > ups.com.                172800  IN      NS      ns2-auth.sprintlink.net.
>> >
>> > ;; ADDITIONAL SECTION:
>> > nsa.ups.com.            172800  IN      A       153.2.242.115
>> > nsb.ups.com.            172800  IN      A       153.2.244.155
>> > cbru.br.ns.els-gms.att.net. 172800 IN   A       199.191.128.105
>> > cmtu.mt.ns.els-gms.att.net. 172800 IN   A       12.127.16.69
>> > ns1-auth.sprintlink.net. 172800 IN      A       206.228.179.10
>> > ns2-auth.sprintlink.net. 172800 IN      A       144.228.254.10
>> >
>> > ;; Query time: 104 msec
>> > ;; SERVER: 192.5.6.30#53(192.5.6.30)
>> > ;; WHEN: Sun Sep  4 17:37:37 2011
>> > ;; MSG SIZE  rcvd: 276
>> >
>> >
>> > $ dig @nsa.ups.com a www.ups.com
>> >
>> > ; <<>> DiG 9.6.-ESV-R5 <<>> @nsa.ups.com a www.ups.com
>> > ; (1 server found)
>> > ;; global options: +cmd
>> > ;; Got answer:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16074
>> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 9, ADDITIONAL: 5
>> >
>> > ;; QUESTION SECTION:
>> > ;www.ups.com.                   IN      A
>> >
>> > ;; ANSWER SECTION:
>> > www.ups.com.            300     IN      CNAME   www.ups.com.akadns.net.
>> > www.ups.com.akadns.net. 92      IN      CNAME   www.upsprodcidr2.com.akadns.net.
>> > www.upsprodcidr2.com.akadns.net. 15 IN  CNAME   www2.ups.com.edgekey.net.
>> > www2.ups.com.edgekey.net. 129   IN      CNAME   e1250.b.akamaiedge.net.
>> > e1250.b.akamaiedge.net. 5       IN      A       96.6.165.62
>> >
>> > ;; AUTHORITY SECTION:
>> > b.akamaiedge.net.       228     IN      NS      n4b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n6b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n1b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n5b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n2b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n8b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n3b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n0b.akamaiedge.net.
>> > b.akamaiedge.net.       228     IN      NS      n7b.akamaiedge.net.
>> >
>> > ;; ADDITIONAL SECTION:
>> > n2b.akamaiedge.net.     3393    IN      A       209.170.113.121
>> > n4b.akamaiedge.net.     919     IN      A       209.170.113.83
>> > n5b.akamaiedge.net.     217     IN      A       209.170.113.120
>> > n7b.akamaiedge.net.     919     IN      A       209.170.113.83
>> > n8b.akamaiedge.net.     3030    IN      A       209.170.113.83
>> >
>> > ;; Query time: 96 msec
>> > ;; SERVER: 153.2.242.115#53(153.2.242.115)
>> > ;; WHEN: Sun Sep  4 17:37:46 2011
>> > ;; MSG SIZE  rcvd: 422
>> >
>> >
>> > $ dig @nsb.ups.com a www.ups.com
>> >
>> > ; <<>> DiG 9.6.-ESV-R5 <<>> @nsb.ups.com a www.ups.com
>> > ; (1 server found)
>> > ;; global options: +cmd
>> > ;; Got answer:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9024
>> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 9, ADDITIONAL: 6
>> >
>> > ;; QUESTION SECTION:
>> > ;www.ups.com.                   IN      A
>> >
>> > ;; ANSWER SECTION:
>> > www.ups.com.            300     IN      CNAME   www.ups.com.akadns.net.
>> > www.ups.com.akadns.net. 277     IN      CNAME   www.upsprodcidr2.com.akadns.net.
>> > www.upsprodcidr2.com.akadns.net. 7 IN   CNAME   www2.ups.com.edgekey.net.
>> > www2.ups.com.edgekey.net. 346   IN      CNAME   e1250.b.akamaiedge.net.
>> > e1250.b.akamaiedge.net. 20      IN      A       72.247.9.62
>> >
>> > ;; AUTHORITY SECTION:
>> > b.akamaiedge.net.       317     IN      NS      n3b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n4b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n2b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n5b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n1b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n6b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n8b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n0b.akamaiedge.net.
>> > b.akamaiedge.net.       317     IN      NS      n7b.akamaiedge.net.
>> >
>> > ;; ADDITIONAL SECTION:
>> > n1b.akamaiedge.net.     1534    IN      A       208.45.220.25
>> > n2b.akamaiedge.net.     2890    IN      A       208.45.220.24
>> > n4b.akamaiedge.net.     1077    IN      A       96.17.74.217
>> > n5b.akamaiedge.net.     336     IN      A       96.17.74.214
>> > n7b.akamaiedge.net.     1077    IN      A       96.17.74.217
>> > n8b.akamaiedge.net.     792     IN      A       96.17.74.218
>> >
>> > ;; Query time: 88 msec
>> > ;; SERVER: 153.2.244.155#53(153.2.244.155)
>> > ;; WHEN: Sun Sep  4 17:37:55 2011
>> > ;; MSG SIZE  rcvd: 438
>> >
>> > --
>> > | Jeremy Chadwick                                jdc at parodius.com |
>> > | Parodius Networking                       http://www.parodius.com/ |
>> > | UNIX Systems Administrator                   Mountain View, CA, US |
>> > | Making life hard for others since 1977.               PGP 4BD6C0CB |
>> >
>> > On Sun, Sep 04, 2011 at 07:26:02PM -0500, Mark Kierzkowski wrote:
>> > > Is anyone experiencing issues with ups.com site?
>> > >
>> > > Looks like dns servers are not resolving that domain.
>> > >
>> >
>> > > _______________________________________________
>> > > Outages mailing list
>> > > Outages at outages.org
>> > > https://puck.nether.net/mailman/listinfo/outages
>
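
Added example, not part of the thread or any poster's code: the delegation check run by hand above with `dig @a.gtld-servers.net ns ups.com.` can be automated by parsing dig's output and diffing the NS set against a known-good baseline. The sample text is constructed from the records quoted in the thread; the `example.net` name servers and all function names are hypothetical.

```python
import re
# Constructed sample: the delegation quoted in the thread, as a TLD server returns it.
GOOD = """\
;; AUTHORITY SECTION:
ups.com.                172800  IN      NS      nsa.ups.com.
ups.com.                172800  IN      NS      nsb.ups.com.
ups.com.                172800  IN      NS      cbru.br.ns.els-gms.att.net.
ups.com.                172800  IN      NS      cmtu.mt.ns.els-gms.att.net.
ups.com.                172800  IN      NS      ns1-auth.sprintlink.net.
ups.com.                172800  IN      NS      ns2-auth.sprintlink.net.
;; ADDITIONAL SECTION:
nsa.ups.com.            172800  IN      A       153.2.242.115
"""
# Hypothetical tampered delegation (names under example.net are placeholders).
BAD = """\
;; AUTHORITY SECTION:
ups.com.                172800  IN      NS      ns1.example.net.
ups.com.                172800  IN      NS      ns2.example.net.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^;; (\w+) SECTION:$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and not line.startswith(";"):
            rr = RR.match(line)
            if rr:
                current.append((rr[1].lower(), int(rr[2]), rr[3], rr[4].lower()))
    return sections

def delegation_ns(text, zone):
    """NS names for `zone` from ANSWER or AUTHORITY (TLD servers use the latter)."""
    secs = parse_dig(text)
    rrs = secs.get("ANSWER", []) + secs.get("AUTHORITY", [])
    return {rdata for owner, _, rtype, rdata in rrs if owner == zone and rtype == "NS"}

def check_delegation(text, zone, baseline):
    """Return (unexpected, missing) name servers relative to the baseline."""
    seen = delegation_ns(text, zone)
    return sorted(seen - baseline), sorted(baseline - seen)

BASELINE = delegation_ns(GOOD, "ups.com.")
```

The check compares NS names rather than the final A records, because the two authoritative answers quoted above legitimately return different Akamai edge addresses for the same CNAME chain.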