[Outages-discussion] www.dns-ok.us down

Frank Bulk frnkblk at iname.com
Fri Jul 6 14:15:07 EDT 2012


Did you use Shadowserver's feed?  We started getting info in November, I
believe, and whittled it down from about a dozen to one.

Frank

-----Original Message-----
From: outages-discussion-bounces at outages.org
[mailto:outages-discussion-bounces at outages.org] On Behalf Of Eric J
Esslinger
Sent: Friday, July 06, 2012 12:48 PM
To: 'outages-discussion at outages.org'
Subject: Re: [Outages-discussion] www.dns-ok.us down

We verified one a while back, who had already had the problem fixed when the
FBI sent us the physical mail.  Concidering number of internet customers in
the US vs our internet customers with known number of US subsribers affected
at it's height, I figure if the percentages are good we've taken care of
several times the number of likely cases on our network with that one
customer.
*wink*
I'm told by various sources to expect similar stories on the nightly
national news programs tonight, with a similar 'call your isp' ending.
I've also heard the site IS reachable via ipv6 and they are dealing with the
load issues as we speak (and some people are getting through, albiet
slowly).

I'm pretty comfortable about my network; I've been catching dns lookup
destinations from my users for months (not contents, just destination ip's)
and the list of outside addresses covers most of the well know public dns
servers (open dns, google, etc...) with the exception of a handful that seem
to be running their own full blown recursive caching servers, which go
everywhere looking for authoritative lookups. (One I knew about, he
complains because I won't allow his basic cable account act as an open
server for his DNS when he's out of town. If he wants a static IP I can
arrange opening the port, till then... He is always welcome to VPN into his
home network as well.)

Been having callers look up their IP, then checking the query logs to see if
they hit our dns servers. So far I'm at 100%

I thought of whipping up a script for my recursive DNS servers to setup a
webpage to let them see if they were accessing those servers, but I just
don't have time right now (fiscal year just started and everyone wants their
projects done 'now'.)

__________________________
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165



> -----Original Message-----
> From: outages-discussion-bounces at outages.org
> [mailto:outages-discussion-bounces at outages.org] On Behalf Of
> Bradley Jordan
> Sent: Friday, July 06, 2012 12:24 PM
> To: outages-discussion at outages.org
> Subject: Re: [Outages-discussion] www.dns-ok.us down
>
>
> CNN is only claiming that 70K users in the US are estimated
> to be affected.
>
> On Jul 6, 2012, at 10:04 AM, Frank Bulk wrote:
>
> > I received an email this morning from a legitimate company peddling
> > their DNS Trojan Remover support services. =)
> >
> > Frank
> >
> > -----Original Message-----
> > From: outages-bounces at outages.org
> [mailto:outages-bounces at outages.org]
> > On Behalf Of Eric J Esslinger
> > Sent: Friday, July 06, 2012 11:40 AM
> > To: 'outages at outages.org'
> > Subject: [outages] www.dns-ok.us down
> >
> > As per subject, the DNS Changer Working Group (DCWG) site
> for the US
> > is down atm. Also another very probably related issue;
> Foxnews, CNN,
> > and MSNBC have all apparantly run stories in the last few
> hours about
> > how the internet end is nigh, everyone is infected, and if you have
> > any questions call your isp. (Hype levels varied per
> channel, I'm told
> > as well).
> >
> > __________________________
> > Eric Esslinger
> > Information Services Manager - Fayetteville Public Utilities
> > http://www.fpu-tn.com/ (931)433-1522 ext 165
> >
> > This message may contain confidential and/or proprietary
> information
> > and is intended for the person/entity to whom it was originally
> > addressed. Any use by others is strictly prohibited.
> >
> > _______________________________________________
> > Outages mailing list
> > Outages at outages.org https://puck.nether.net/mailman/listinfo/outages
> >
> >
> > _______________________________________________
> > Outages-discussion mailing list Outages-discussion at outages.org
> > https://puck.nether.net/mailman/listinfo/outages-discussion
>
>
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion
>

This message may contain confidential and/or proprietary information and is
intended for the person/entity to whom it was originally addressed. Any use
by others is strictly prohibited.

_______________________________________________
Outages-discussion mailing list
Outages-discussion at outages.org
https://puck.nether.net/mailman/listinfo/outages-discussion




More information about the Outages-discussion mailing list