Re: Again ... Re: security.debian.org

To: debian-isp@lists.debian.org
Subject: Re: Again ... Re: security.debian.org
From: Rudy Gevaert <Rudy.Gevaert@UGent.be>
Date: Fri, 30 Mar 2007 11:06:37 +0200
Message-id: <[🔎] 460CD31D.1080109@UGent.be>
In-reply-to: <[🔎] 20070329201403.GA13697@fantomas.sk>
References: <[🔎] 1175112833.3407.14.camel@localhost> <[🔎] 20070328132031.6926911d.raquel@thericehouse.net> <[🔎] 20070328225010.GA11353@ftbfs.de> <[🔎] 1175128049.13934.1.camel@localhost> <[🔎] 20070329103215.250dc1e1.raquel@thericehouse.net> <[🔎] 1175190280.12767.17.camel@localhost> <[🔎] 20070329174829.GE11353@ftbfs.de> <[🔎] 20070329105541.4a094a31.raquel@thericehouse.net> <[🔎] 20070329201403.GA13697@fantomas.sk>

Matus UHLAR - fantomas wrote:

On Thu, 2007-03-29 at 10:32 -0700, Raquel wrote:

This is happening again.  IP #:  128.101.240.212

On Thu Mar 29, 2007 at 13:44:40 -0400, Jim Popovitch wrote:

Yep, I saw it too a bit earlier.  :-(

I wonder if the server is under high load or DDoS attack?

On Thu, 29 Mar 2007 19:48:29 +0200
Martin Zobel-Helas <zobel@ftbfs.de> wrote:

Yesterday evening, the openoffice.org DSA seems have to DDoSed
security.d.o :)


On 29.03.07 10:55, Raquel wrote:

Didn't this happen a few months (maybe a year ago?) back with
another upgrade, where it caused problems with a security server?


yes, it happened with Xfree86 upgrade. 2 new servers were then introduced in
order to prevent this problem from re-appearing.

However this does not _seem_ to be enough, and I guess it's due to "feature"
of glibc, that sorts IP addresses from numerically lowest one to numerically
highest one (so it spoils attempts for DNS load-balancing), so if any program
is the order of addresses returned via gethostbyname() or getnameinfo(), it
tries them always in the following order:

% getent hosts security.debian.org
128.101.240.212 security.debian.org
212.211.132.32  security.debian.org
212.211.132.250 security.debian.org


It doesn't do that:

rgevaert@pimp:~$ getent hosts security.debian.org
212.211.132.250 security.debian.org
128.101.240.212 security.debian.org
212.211.132.32  security.debian.org
rgevaert@pimp:~$ getent hosts security.debian.org
128.101.240.212 security.debian.org
212.211.132.32  security.debian.org
212.211.132.250 security.debian.org

Rudy



--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert@UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Reply to:

Follow-Ups:
- Re: Again ... Re: security.debian.org
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

References:
- security.debian.org
  - From: Jim Popovitch <jimpop@yahoo.com>
- Re: security.debian.org
  - From: Raquel <raquel@thericehouse.net>
- Re: security.debian.org
  - From: Martin Zobel-Helas <zobel@ftbfs.de>
- Re: security.debian.org
  - From: Jim Popovitch <jimpop@yahoo.com>
- Again ... Re: security.debian.org
  - From: Raquel <raquel@thericehouse.net>
- Re: Again ... Re: security.debian.org
  - From: Jim Popovitch <jimpop@yahoo.com>
- Re: Again ... Re: security.debian.org
  - From: Martin Zobel-Helas <zobel@ftbfs.de>
- Re: Again ... Re: security.debian.org
  - From: Raquel <raquel@thericehouse.net>
- Re: Again ... Re: security.debian.org
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

Prev by Date: Re: Again ... Re: security.debian.org
Next by Date: Re: Again ... Re: security.debian.org
Previous by thread: Re: Again ... Re: security.debian.org
Next by thread: Re: Again ... Re: security.debian.org
Index(es):
- Date
- Thread