Domain: merit.edu
Stories and comments across the archive that link to merit.edu.
Comments · 123
-
Virtualization is the answer
We wrote about the environmental benefits of virtualization on our site a while back. I even started a little thread on Nanog about any numbers on relationship of server utilization and the energy cost, but it looked like few people cared. To see how underutilized your Linux server is, do:
# cat /proc/uptime
1122029.25 1101982.75
The first number is the system uptime in seconds, the second is the number of seconds it's been idle. The number above is from my laptop - 98% idle.
Virtualization is also going to be the way hardware vendors will keep the server price up - suddenly very powerful servers will start making sense. The question is - who will win - Xen, UML or Linux VServer. We're banking on VServer.
:-) -
Re:Overworked
The problem and how it was plugged is given here. As there is no general rule for stopping crackers from gaining access through all loopholes, there is no way to completely protect a domain.
-
panix rules
note how alexis keeps his cool in this message:
Hi, all.
I hate to pop my head up after years of lurking, only when things are going bad, but probably better that than remaining silent.
First of all, I'm going to be bounced from this list once its cache of my DNS times out, which will probably be in about 2-3 hours, so if you have anything to say that you'd like me to see, please copy me. We're temporarily accepting mail at panix.net in addition to panix.com, so use alexis (at) panix.net.
A few points to respond to:
First, Eric, thanks for contacting Bruce and Eric on my behalf. While nothing has happened so far, I hope that it will soon, and in any case I appreciate your efforts to help a total stranger.
Someone asked if we had registrar-lock set. It's not clear to me what happened. Our understanding is that we had locks on all of our domains. However, when we looked, locks were off on panix.net and panix.org, which we own but don't normally use. It's not clear how that happened; dotster has yet to contact us with any information about, well, anything at all. They did answer a call this morning; they're apparently in the middle of an ice storm. All I was able to learn from them is that according to the person I talked to, they had no records of any transfer requests on our domain from today back through last October.
Someone suggested invoking a dispute procedure. We'll do that, as soon as we can get someone to actually accept the dispute, but if it goes through that process to completion, many people will suffer, and Panix itself will be tremendously damaged. How long do you think even our customers will stay loyal? (Forever, for many of them, but that doesn't mean they won't be forced to start using a different service.)
While it's true that MelbourneIT won't do anything before (their) Monday morning, I don't want to paint them as bad guys in this drama. I don't know how they're organized and I don't know how difficult it is for them logistically. Of course I want them to move faster. Much faster. But I'll take what I can get.
And speaking of MIT, I don't intend to send them "nastygrams" - nor NSI either. Neither of them owes me anything (at least directly) and being heavyhanded would not be a good way to get what I want (restoral of the panix.com domain to dotster) even if I thought they deserved it. I expect that there will be criminal prosecutions arising out of this, but the time for that sort of thing is later, when things are back to normal, and we've fixed any systemic vulnerabilities that can be fixed before they're used to wreak mass havoc. And it's anyone's guess who the target of those prosecutions will be, but I doubt MIT or NSI will be among them.
Lastly, someone expressed surprise that I'd call MIT's lawyer directly. I didn't. I spent *hours* trying to find working contact info for MIT and Dotster. I didn't find useful 24-hour NOC-type info anywhere. (Someone obviously has this info; I expect it's restricted to a list of registrars.) I reached Dotster's customer support when they opened for business Saturday morning; the guy was polite, and did what he could, but I saw no evidence whatsoever of the promised attempt to assist me after he got off the phone. MIT apparently has no weekend support at all; I finally located their CEO's cellphone in an investor-relations web page. I called him, and he had his lawyer call me back. That was his choice. FWIW, she's not "just" a lawyer; she's apparently the person who has to make decisions about reverting control of the domain. So she at least needs to be aware of our position. My impression is that she didn't fully grasp the gravity of the situation, and so treated us like she'd treat any other annoying customer who managed to track her down on her day off. This is somewhat understandable (though infuriating) which is why I'd hoped to talk to someone on their tech side first. No luck there, but if any of this reaches them, maybe that will start things going.
Thanks again to everyone who has tried to help us today.
/a -
Re:MelbourneIT Criminals
I don't know about that "They must be guilty - they called the lawyer!" business. From the posting I read it looked like they got a call back from the lawyer because the lawyer would be the one in the position to make the decision to call a tech. The suggestion here is more that MIT misunderstood the gravity of the situation rather than deliberately acted with malice. I know in the US (and UK - I'm English) things are a touch more fast-paced, but there's a couple of things that are a touch different over this side of the planet - at least in New Zealand. Firstly, a lot of companies are not open on the weekends. Even the ones that are typically run in a fairly "headless" manner - you might get some guys in the call centre, but you can bet the management have their phones turned off. Why? Well, one of the interesting features of this country is that people are quite horrifyingly overworked, at least compared to the UK. It's quite possible to get a job over here that pays below the British minimum wage that will attempt to get you to work above fifty hours - and we're not talking about a crap job here either, this could be a fairly interesting position at a mid-sized company. As a result of this, when the company finally lets people go home they tend to turn the damn phone off in the hope that nobody is going to call them.
I don't know if this is the case with MIT, but I wouldn't go assuming that they're a front for Al Qaeda/working for Michael Sims/Same-thing-we-do-every-night-Pinky just yet. It's a pretty safe bet they're all just drunk and have yet to figure out what the hell is going on. As for past incidents of a similar nature, you'd better believe there's companies that don't close their procedural loopholes in a hurry. Maybe the responsible parties have just managed to use the same exploit as last time via the same parties because, as mentioned above, everybody is too overworked in other areas to care? Domain registration is not exactly a high-margin business for many. -
MelbourneIT Criminals
As this post points out, having hijacked panix.com, MelbourneIT could be logging all userID/password logins to shell.panix.com . So Panix customers should all login to the "temporary" replacement, shell.panix.net , and change their passwords ASAP. Then fly to Melbourne with baseball bats.
-
Rogue registrars?
I tried to post about this about 10 hours ago, but no luck. Sigh.
What seems to have happened is that somehow the Australian registrar "melbourneIT.com" yanked the fully paid-up registration away from Dotster (where Panix had it) without any notice whatsoever (this violates all the relevant RFCs for the Shared Registration System and the current ICANN policy *and* seems to indicate a severe bug or security problem somewhere in the registration system).
What's particularly scary is that melbourneIT.com isn't open on the weekends, period (though oddly enough they transferred the domain first thing on Saturday, hmmmm) and won't do anything to help. There are lots of ugly details in the NANOG mailing-list archive, particularly in this message from Perry Metzger, this message from Richard Cox, and this message from me, which includes a slimy note from some customer-service flack at Verisign.
This has clearly happened to others in the past, and highlights a serious flaw in the current registry-registrar system. We are not 100% sure how the domain was transferred between registrars with no notice to anyone (though I have some hunches I won't go into here right now) but consider this: a rogue or penetrated registrar can effectively put you out of business for the duration of the ICANN complaint and appeals process, with no notice, and there may be nothing you or anyone else can do about it short of extremely expensive legal action, even if you get law enforcement involved. Yuck.
-
Re:Question
Ask the North American Operator's Group They are just starting to comment on this item but, other than participating in blacklists like SPEWS, they don't seem to have as much clout as one would expect (or at least hope). Hmmm, maybe this story is evidence that it may be changing?
Interesting, looks like maybe Paul Vixie reads slashdot too (or maybe he surfs the BBC all day?).
-
Original posting is by the defendant
The original posting on the North American Network Operators Group list is by Alex Rubenstein, who is the CEO of the defendant company.
The case documents are entertaining reading. See especially paragraph 11 of this filing, the "offer you can't refuse": "In fact Alex Rubenstein essentially asked me when I was going to give up, sell the business to him, and come to work for NAC".
This is all so New Jersey.
-
ARIN are taking up the case
Haven't seen this mentioned here already, but a small update is that according to a later NANOG post, ARIN's legal eagles will be taking up this case.
This is good news. -
Clarification from original article
More discussion from the ISP can be found here
The most obvious question is who is the cybersquatting moron who thinks he can (apparently for the moment) get the legal system to aid and abet in his absconding with a level of control he is contractually--and perhaps legally, depending on how specific ARIN's legal basis for controlling the distribution of IP blocks is--supposed to be prohibited from doing in the first place? Does anyone have access to the actual court documents, either on-line (Lexus anyone?) or in person?
Shirley we have at least one slashdotter in that neck of the woods in Jersey, yes? -
It has to do with renumbering their network.
I spent half my day yesterday reading the NANOG thread related to this. Knew I should have submitted it. =)
Anyways, the customer wanted to avoid renumbering their network computers. Their argument was that there is a significant amount of inconvenience involved in renumbering their network. (Yes, we all know how easy it would be to use a NAT. The judge obviously does not.) The original NANOG discussion started here.
I think they were also leveraging a supposed anti-competitiveness nature to non-portable IP space. Yes, that's right. One of a bajillion ISP's is hurting competition by following the globally accepted rules of the Internet that is the foundation of CIDR.
--LordPixie -
How Sites are Coming Back Online
From NANOG mailing list again:
Google pulled references for akamais dns servers a short period ago. they are presently serving their own dns requests.
Also:
People seem to be getting around this by changing their DNS entries.
E.g. www.yahoo.com always used to be a CNAME for www.yahoo.akadns.net. But
now:
# host www.yahoo.com
www.yahoo.com is an alias for www.dcn.yahoo.com.
www.dcn.yahoo.com has address 216.109.118.64
www.dcn.yahoo.com has address 216.109.118.65
www.dcn.yahoo.com has address 216.109.118.66
www.dcn.yahoo.com has address 216.109.118.67
www.dcn.yahoo.com has address 216.109.118.68
www.dcn.yahoo.com has address 216.109.118.69
www.dcn.yahoo.com has address 216.109.118.70
www.dcn.yahoo.com has address 216.109.118.71
www.dcn.yahoo.com has address 216.109.118.72
www.dcn.yahoo.com has address 216.109.118.73
www.dcn.yahoo.com has address 216.109.118.74
www.dcn.yahoo.com has address 216.109.118.75
Which is owned by Yahoo! (via HotJobs.com).
-
NANOG Postings
From NANOG:
From here neither www.google.com, nor www.apple.com work. Both seem to return CNAMES to akadns.net addresses (eg, www.google.akadns.net, www.apple.com.akadns.net), and from here all of the akadns.net servers listed in whois are failing to respond. -
A poker geek.
from a nanog post Avi In WSOP
Avi is from Akamai, so there is geek for ya :) -
Discussed on Nanog...
NANOG Archive
Rus -
Re:It's all about the phbs
It's been my experience that the idiots are the ones making the purchasing decisions, hence the nature of the advertising.
It's not just the idiots. If you didn't know anything else about the product, which would you buy?
- Product A -- Claims to be 73% good.
- Product B -- Claims to be 96% good.
- Product C -- Claims to be 99.999% good.
- Product D -- Claims to be 100% good.
But if you see a big brand name (Microsoft, Cisco, Intel, etc.) on product C, you might say "Well, it isn't 100%, and they are a good company. Maybe it's the truth." Of course, claiming to be Product C happens, and that's where the trap is.
It might be that you are looking at Microsoft statement claiming "5 nines" of 99.999% uptime (that's down for 5 minutes each year). Or Sun claiming the same 99.999%. Or Cingular Wireless claiming 99.999% reliable networks, excluding several days of downtime that they must not factor into their percentage. Maybe it's that 99.999% pure copper speaker cable you were looking for. (For the chemists, here's a site where you can buy over a dozen other '99.999% pure metal' wires.) Lots of people get caught into that.
In some cases it really is justified. If I were a chemist, maybe having iridium wire that is only 99.9% pure might cause problems, and those extra 9's might be significant. But that usually isn't the case for most marketing.
But I don't think it's just a PHB issue, it's a problem of 'I really want the best, and I only want to spend 5 minutes to find out which one that is'.
frob
-
Re:Cisco Fix
When the previous /. story was posted about the TCP flaw, I checked out the NANOG mailing list.
There was plenty of discussion about it, including various vendor issues (Cisco and Juniper) & fixes, as well as some ISPs dragging their feet on implementing MD5 over peer links. I could tell from some of the things mentioned there that they (the network ops) had advance knowledge of the vulnerability.
Most interesting was this about looking glasses being too free with info that would allow a TCP reset in one try. -
nowhere to run
NANOG this past week has had to deal with "h4r 3y3 j4m an 3fnet p4ck3tm0nk3y" bs. What I don't understand is how some people download and install something without checking exactly what it is. Look at the spyware situation: "Click here for a free weather clock" It should be obvious that there is no such thing as free. Everything has some form of price. What I find most alarming, is that most corporations - Symantec, Network Associates, and the major Windows based antivirus makers including Microsoft who has not got their act together - unleash errata of mass destruction. "Buy this patch/firewall/antivirus foo foo foo product to protect you now!" Why not release some Macromedia Flash like tutorial along with their products to educate users about the dangers of downloading unnecessary 'tools/products/virtuagirls/etc' and how to protect themselves from these things... I'm willing to bet if some company did something like this, most of these annoyances would drop big time -
Re:Get ready for more attacks
-
Re:I see a problem
There is no problem.
Serial numbers only affect master-slave communication (and selfwritten scripts violating rfcs), but all masters and slaves for .com & .net belong to VS. See Paul Vixie's reply to the same question on NANOG. /graf0z. -
Re:Hey...
No, it isn't offtopic if you had RTFA. The new format will be the UTC time at the moment of zone generation encoded as the number of seconds since the UNIX epoch. (00:00:00 GMT, 1 January 1970.)
-
Re:Give them to schools
1:50 Are you smoking the same crack as SCO? In my company we run comparable to that and we support a region that is five hours from one end to the other. Where did you get that number????? We run anywhere from 1:200 to 1:600 on our support model.
Even though you apparently have no idea what the actual ratio in your company is (1:200 to 1:600 is a pretty damn big range) it does not mean that your company is consistent with the *average* in business. Based on my experience working with a variety of businesses over the past decade or so, 1:50 is indeed a fairly common ratio.
Basically, I didn't just pull these numbers out of my butt. According to this article ratios from 1:30-125 are realistic in business depending on type of use. Also, this breakdown comes up with a 50:1 ratio. Do some research and you'll find most studies recommend a *maximum* ratio of 1:100 for businesses.
On the other end, in education, this study found school district tech staff ratios averaged "1:250-1:350" with some larger districts having as high as 1:1315 ratio!
So, just because you chose to send a knee-jerk reply based on your narrow sample (one business) doesn't mean your results are at all typical. BTW, the same study shows *some* schools with as low as 1:20 to 1:125 ratio (dependent partially on school district size) but they also say these are mostly charter schools and do not represent the typical public school district. And besides, I did say "average" and not "all" when talking about both business and education staffing.
An important point is that this is a PC-to-support ratio, not user-to-support. The school environment, by necessity, creates a VERY high user-to-support ratio. Based on my own experience, I have to agree completely with the study's findings that "Very little staff is dedicated to directly assisting teachers with the use of technology to enhance their teaching. This probably means that available hardware and software are underutilized or inefficiently utilized, and that technology-related academic expectations for the district are either limited or not fully achieved."
-
Re:interesting methodology
This has been talked about for a bit. Check out this thread. Also, Nanog has an ongoing discussion about this DNS technique starting here.
-
AT&T does in fact manage it
I remember seeing one of AT&T's agents concerned about the amount of E-Mail being generated from the site and posted it on NANOG (North American Network Operators Group) which you can see here. I don't really think that there is any "shady" tactics going on here, I think it's more for one of their in house monitoring apps, especially considering the amount of traffic that they received initially.
-
Re:Innovate? Innovate?
"I just innovated 4 of my domains over to another registrar."
To quote NANOG: Wildcard this -
Re:Look at it from both sides...
if they want it then give it to them (closer to the application level). As suggested on nanog Squid is your friend..
-
NANOG Linkage
Here is the start of a thread on the NANOG mailinglist:
http://www.merit.edu/mail.archives/nanog/msg14917.html
Just goes to show how pissed people really are..... -
Re:The bottom line...
I mistyped dorkslayers.com once. I typed it correctly the other 4 times I used the domain.
dorkslayers.com did not have NS records in the GTLD zone when Verisign added the wildcard records. This was quite a popular topic among mail administrators shortly after the wildcards were added. There's discussion about it here on the NANOG list, and here on the SpamAssassin discussion mailing list, and here in comp.mail.sendmail, and here in news.admin.net-abuse.email. There are others but these are the ones I frequent.
That said since dorkslayers.com (spelled it right this time) didn't have any NS records in the root GTLD when Verislime added the wildcards .com/.net all queries for the dorkslayers.com domain resulted with a positive response. This included any and all queries for anything hosts and subdomains. To use your example, randomjunk.dorkslayers.com would in fact have resolved to 64.94.110.11 before Bill, the dorkslayers.com owner, re-registered NS servers for dorkslayers.com.
There is another gentleman on the NANOG mailing list that has mentioned more than once since the Verislime incident that he has a client with a domain in use that somehow has gotten left out of the GTLD .com zone. I don't remember his name and I don't really want to sort through the lengthy threads about Verisign to find the posts. They are in the archives though. He discussed the lengths he's gone to to try and get Verisign to fix the problem in excruciating detail. It sounded like he wasn't having much fun.
Let me make sure I answered all your points for my own sanity's sake. Paragraph 1, check. Paragraph 2, check. Paragraph 3, check. Paragraph 4, check. And Paragraph 5, clarified. Hope that helps.
-
Yes, there is a way
This comes to you via a posting to the North American Network Operator's Group (NANOG) by Chris Roberts. The author of the HOWTO is Martin A. Brooks. Thanks Martin!
Call 0800-032-2101 and select option 2 for Support.
Explain to the engineer that you have typed in a non-existent domain name and
been directed to their sitefinder service.
Explain that you have read the "Terms of Use" and do not agree to abide by
them.
Explain that, as you don't agree to the ToU, you are explicitly forbidden from
using their service.
Ask them to exclude your IP block from those that will be given the sitefinder
IP rather than NXDOMAIN.
Give them your name, company (if appropriate) and a contact telephone number. -
Re:For us non Sysadmins
I believe ICANN is the authority now. DoC still has some input at some level but I'm not sure what. I don't know how all that works.
If ya'll are interested in real technical discussion about Verislime's actions and the damage it has caused then I encourage you to read the archives of the North American Network Operators mailing list for the past week or so. I would not recommend joining the list and asking questions though. The list is comprised of professionals who really don't have time for novice questions. Not to sound harsh but that's the truth. The list FAQ points it out as well (see #3).
-
Re:Huh?
-
Re:The Internet Architecture Board responds
Good call. This is actually a response to a previous, more limited proposal along similar lines, which was to perform this kind of wildcard resolution but only for domain names containing characters with high-order bits set. Since domain names don't contain such characters, the intent of the earlier proposal made a tiny kernel of rational sense; browsers could insert such a byte in order to permit special handling of failed lookups. But the current, general scheme is simply madness. And the IAB didn't even like the limited scheme! I guess someone at Verisign decided to make a point forcefully. Internet governance by saber-rattling...sigh It was fun while it lasted.
-
Re:hmmm don't want to be alarmist
but couldn't this be the thin end of the wedge towards technologically mediated censorship?
Nope, no chance of that. You have to actively define the zones for delegation-only.
From a post by Paul Vixie:
> And make it default configuration for new bind releases...
never. not for your example, nor for any set of tld's. the default for
bind will be what it's always been -- to respect the autonomy of the
zone administrator/publisher. overriding that autonomy has to be a
local act by a local name server administrator who is fully conscious of
the impact of their configuration change. once, with "check-names", isc
was accused of "legislating from the bench". never again. -
NANOG threads on this topic
The North American Network Operators' Group has two ongoing threads ('What *are* they smoking' and 'Change to .com/.net behavior') with further discussion on this topic. -
Re:iptables rules
>...you can fairly easily cut down on the damage being done by blocking all incoming ICMP traffic at your packet filtering bridge/router.
>Sure, traceroute is nice, but things like this mean it's just not worth the ICMP overhead.
Dropping all ICMP traffic is a bad habit to get into. ICMP is necessary for ip fragmentation and path maximum transmission unit discovery to work properly. You will break things if you drop it. -
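The point made in the reply above, as an added example that is not part of the original comment: a blanket ICMP drop next to a per-type filter that keeps path MTU discovery working, plus a small audit that flags the first form. The chain name ICMP_FILTER and the echo-request rate limit are illustrative assumptions; the script only prints and inspects ruleset text and never touches the live firewall.

```shell
#!/bin/sh
# Added example: rulesets are in iptables-restore format, emitted as text only.

# The approach quoted in the thread: drop every ICMP packet.
weak_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j DROP
-A FORWARD -p icmp -j DROP
COMMIT
EOF
}

# Filter by ICMP type instead: keep the error messages that TCP/IP relies on,
# rate-limit echo requests, drop the rest.
fixed_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ICMP_FILTER - [0:0]
-A INPUT -p icmp -j ICMP_FILTER
-A FORWARD -p icmp -j ICMP_FILTER
# Type 3 code 4 ("fragmentation needed"): required for path MTU discovery
-A ICMP_FILTER -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A ICMP_FILTER -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ICMP_FILTER -p icmp --icmp-type time-exceeded -j ACCEPT
-A ICMP_FILTER -p icmp --icmp-type parameter-problem -j ACCEPT
-A ICMP_FILTER -p icmp --icmp-type echo-reply -j ACCEPT
-A ICMP_FILTER -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT
-A ICMP_FILTER -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin. Print every rule that drops or rejects ICMP without
# an --icmp-type match while no earlier rule in the same chain has accepted
# fragmentation-needed / destination-unreachable. Exit 1 if any is found.
audit_icmp() {
    awk '
        BEGIN { bad = 0 }
        $1 != "-A" { next }          # skip table, policy, comment and COMMIT lines
        {
            chain = $2
            line = $0
            is_icmp = (line ~ /-p icmp( |$)/)
            typed = (line ~ /--icmp-type /)
            if (is_icmp && line ~ /--icmp-type (fragmentation-needed|destination-unreachable) / && line ~ /-j ACCEPT/) {
                pmtud_ok[chain] = 1
            } else if (is_icmp && !typed && line ~ /-j (DROP|REJECT)/ && !pmtud_ok[chain]) {
                print "blanket ICMP drop: " line
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Run the audit over both rulesets and report.
for name in weak_ruleset fixed_ruleset; do
    if "$name" | audit_icmp; then
        echo "$name: ICMP errors needed for PMTUD are allowed"
    else
        echo "$name: breaks path MTU discovery"
    fi
done
```

To try the filtered form on a test host, the output of `fixed_ruleset` can be checked with `iptables-restore --test` before it is loaded.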
Currently being discussed
This is currently being discussed on NANOG (where it's an offtopic favorite). I highly recommend this list for peeks and views into the people who keep this Internet thing working.
In the discussions yesterday and today, there's been a lot of talk about how to "bootstrap" this new protocol. There are interesting discussions of the business ramifications of being an early adopter of something like this -- very similar to those for IPv6.
It's been said by far wiser people than me: spam is a social problem, and it must have a social cure. Any solution which does not respect these two facts is doomed to failure.
-
Reasons why nobody's getting email...
To save you all some hassles when you're trying to figure out *why* you haven't gotten your emails...
Donotcall.gov has no MX records. No reverse DNS on any of their outbound mail boxes. And they obviously are not processing bounces/complaints/etc. since nothing on that netblock has port 25 open.
It's really sad because one of the guys from AT&T Government services posted in NANOG this week looking for advice on getting his emails through.
-
I submitted this...
a couple of weeks ago. Not this particular article, but a little write-up with some nice links (rejected, of course).
Links:
In your face hijacking
Current list of possible bogus bgp routes
Oh, well. -
Re:223/8
Or perhaps IANA should be more careful when handing out allocations.
The situation on 223/8 and its reservation was such that any RIR being allocated it would have done the same.
-
223/8
http://www.merit.edu/mail.archives/nanog/2003-03/msg00535.html
Maybe APNIC shouldn't be so picky about its allocations, hm? -
Al Jazeera takedown timeline
A Thread on the NANOG list from Tuesday quotes Al Jazeera tech staff indicating that at that time they realized that they were under a DDoS attack.
The footage with offending video of US POWs was aired, I believe, on Sunday on Al Jazeera's satellite TV service. www.aljazeera.net (the Arabic site) was available all day Monday, and could be accessed in English through any of several translation sites, and to the best of my knowledge, contained at most a few still photos of dead soldiers, although I didn't see any when I browsed their news. Nor was it regularly being shown on their TV feed which could be viewed at that time as streaming video at http://winmedia.ish.de/al-jazeera.
Monday Al Jazeera also started its English language website at english.aljazeera.net, although I didn't find out about this until it was too late to see it.
At that time the only functional nameserver for aljazeera.net (the parent domain for both English and Arabic versions of the site) was at Dataport in NJ, and as of Tuesday morning, access to this server was administratively blocked at Dataport's firewall. Through calls to Dataport I learned that yes, the name server was accessible from within Dataport's network, and that administrative blocking of the nameserver was not a matter they would discuss with me, referring me instead directly to Al Jazeera. The secondary nameserver for aljazeera.net is in France, and according to my colo provider who keeps tabs on these kinds of things, it's been inoperative for a while.
I contacted Pat Berry at the EFF who told me about the thread on NANOG, and at that point it looked as if possibly Dataport was working to resolve the DDoS problem - possibly also directed against them, I don't know. According to Pat, english.aljazeera.net was intermittently available on Tuesday, after Dataport re-opened their firewall, but I wasn't able to get to it.
On Wednesday, the root DNS servers removed Dataport's name server for aljazeera.net and replaced it with one managed by AT&T Global Network Services in France. I have no idea whether this was the result of a request by Al Jazeera in an attempt to clear up the problem, or a result of Dataport explicitly deciding to stop hosting their nameserver. Apparently english.aljazeera.net is or was also hosted at Dataport in NJ. The new name server in France is not pingable, for what reason I have no idea, and to the best of my knowledge has never been pingable from either the US or Europe. I also note that the video gateway for Al Jazeera in Arabic at http://winmedia.ish.de/al-jazeera (Germany) is also now unavailable.
Whether all of this is the result of a coordinated hack (and DDoS attack), a domino effect from too much traffic, or something more sinister I don't know. Supposedly, according to word from people at the English web service, this is just the result of a traffic overload, and that it started Monday, but this contradicts the information on the NANOG list. The whole thing is beginning to smell rather distinctly of rat. There are people, whose opinions I respect, who claim that Al Jazeera is little more than a mouthpiece for Al Qaeda, but others disagree, and I know that Al Jazeera has been an excellent source of news on things such as ongoing deliberations at the UN regarding the war in Iraq which aren't being covered in the US press at all. It's a shame. It looks as if Al Jazeera may have become a cyber-war casualty.
Knowledge is power, and truth is the first casualty in wartime. -
Dr. Jeffery Race's proposal on NANOG
A participant in the NANOG (North American Network Operators' Group) mailing list recently posted a Best Current Practice proposal regarding spam to that list. He was fairly heavily flamed by some of the frequent posters on the list, but his idea (which has a basis in sociology) does have some merit.
He uses the idea of emergent structure. To quote, "if all (or even most) players expect other players to act in a certain way, a predictable pattern of behavior emerges which becomes compelling for all players. This is the way all organizations work."