[Dshield] SCO still blocked by xo.net

John Sage jsage at finchhaven.com
Mon Feb 2 14:52:05 GMT 2004


hmm... No, at least "no" right now, from right here:

On Mon, Feb 02, 2004 at 07:26:29AM -0500, Lauro, John wrote:
> Date: Mon, 2 Feb 2004 07:26:29 -0500
> From: "Lauro, John" <jlauro at umflint.edu>
> To: "General DShield Discussion List" <list at dshield.org>
> Subject: [Dshield] SCO still blocked by xo.net
> 
> Sometime over the night, SCO has changed the IP address of SCO.COM, so
> that it (SCO.COM) is now reachable despite XO.NET's block.  (and I was
> testing directly with SCO's name servers...)
> 
> They did not change the address of calderasystems.com (checked with
> calderasystem's name servers), and so it is still blocked by XO.NET.
> I wonder if XO did that on its own, or in cooperation with SCO...  If
> not in cooperation, I wonder if SCO will sue XO.NET and/or whoever
> their ISP is...  This would be a more legitimate case than going after
> Linux.
> 
> Half the links on SCO.COM still point to WWW.SCO.COM, so their site is
> still "crippled".

A traceroute from Seattle WA gets as far as it did 24 hours ago: to
what many think is the handoff from xo.net into SCO's own network:

 1  greatwall (192.168.1.2)  10.590 ms  56.027 ms  3.633 ms
 2  10.130.176.1 (10.130.176.1)  179.188 ms  10.460 ms  8.123 ms
 3  12.244.82.65 (12.244.82.65)  8.861 ms  8.844 ms  12.272 ms
 4  12.244.64.1 (12.244.64.1)  11.625 ms  9.158 ms  10.052 ms
 5  12.119.199.21 (12.119.199.21)  15.706 ms  16.425 ms  13.892 ms
 6  gbr1-p20.st6wa.ip.att.net (12.123.44.146)  10.109 ms  11.074 ms  9.165 ms
 7  tbr1-p012501.st6wa.ip.att.net (12.122.12.157)  12.301 ms  16.663 ms  17.660 ms
 8  tbr2-cl1.sffca.ip.att.net (12.122.12.113)  30.131 ms  27.225 ms  26.324 ms
 9  ggr1-p370.sffca.ip.att.net (12.123.13.69)  26.732 ms  28.289 ms  31.053 ms
10  p14-0.IR1.PaloAlto-CA.us.xo.net (206.111.12.145)  28.253 ms  28.221 ms  29.428 ms
11  p5-2-0.RAR2.SanJose-CA.us.xo.net (65.106.5.177)  28.636 ms  30.592 ms  29.897 ms
12  p6-0-0.RAR1.LA-CA.us.xo.net (65.106.0.17)  37.025 ms  39.498 ms  34.614 ms
13  p0-0-0-0.RAR2.LA-CA.us.xo.net (65.106.1.50)  41.420 ms  37.581 ms  36.662 ms
14  p4-0-0.MAR2.SaltLake-UT.us.xo.net (65.106.5.74)  71.232 ms  69.498 ms  98.209 ms
15  p15-0.CHR1.SaltLake-UT.us.xo.net (207.88.83.46)  68.556 ms  116.032 ms  70.237 ms
16  205.158.14.114.ptr.us.xo.net (205.158.14.114)  68.760 ms  80.279 ms  70.288 ms
17  * * *
18  * * *
19  *



But discussion on the NANOG (North America Network Operators Group)
maillist suggests that, despite what SCO has said, SCO is not actively
being blocked by any, or by very very few, ISP/network operators.

SCO itself seems to be playing mostly DNS games.

Here's the (at-moment) DNS record for sco.com, from ns.calderasystems.com:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3227
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 5
 
;; QUESTION SECTION:
;sco.com.                       IN      ANY
 
;; ANSWER SECTION:
sco.com.                21600   IN      SOA     ns.calderasystems.com. hostmaster.caldera.com. 2004020105 3600 900 604800 1800
sco.com.                60      IN      A       216.250.128.21
sco.com.                60      IN      MX      10 mail.ut.caldera.com.

/* TTL of 60 seconds means changes would take place very quickly */

sco.com.                21600   IN      NS      ns2.calderasystems.com.
sco.com.                21600   IN      NS      nsca.sco.com.
sco.com.                21600   IN      NS      c7ns1.center7.com.
sco.com.                21600   IN      NS      ns.calderasystems.com.
 
;; AUTHORITY SECTION:
sco.com.                21600   IN      NS      ns.calderasystems.com.
sco.com.                21600   IN      NS      ns2.calderasystems.com.
sco.com.                21600   IN      NS      nsca.sco.com.
sco.com.                21600   IN      NS      c7ns1.center7.com.
 
;; ADDITIONAL SECTION:
mail.ut.caldera.com.    60      IN      A       216.250.130.2
ns.calderasystems.com.  3600    IN      A       216.250.130.1
ns2.calderasystems.com. 3600    IN      A       216.250.130.5
nsca.sco.com.           21600   IN      A       132.147.210.253
c7ns1.center7.com.      159360  IN      A       216.250.142.20
 
;; Query time: 281 msec
;; SERVER: 216.250.130.1#53(ns.calderasystems.com)
;; WHEN: Mon Feb  2 06:27:41 2004
;; MSG SIZE  rcvd: 353


Note the TTL of 60 seconds. SCO is reserving the means to diddle with
its DNS records on very short notice.


And here's www.sco.com:

; <<>> DiG 9.2.1 <<>> @ns.calderasystems.com any www.sco.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30674
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
;; QUESTION SECTION:
;www.sco.com.                   IN      ANY
 
;; AUTHORITY SECTION:
sco.com.                1800    IN      SOA     ns.calderasystems.com. hostmaster.caldera.com. 2004020105 3600 900 604800 1800
 
;; Query time: 276 msec
;; SERVER: 216.250.130.1#53(ns.calderasystems.com)
;; WHEN: Mon Feb  2 06:28:19 2004
;; MSG SIZE  rcvd: 102


So ns.calderasystems.com would be authoritative for www.sco.com, but
it's saying that it knows nothing about it.


- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."

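Added example (not part of the original post): a small Python parser for dig-style output that reproduces the two observations above, the 60-second TTLs and the authoritative NXDOMAIN, and also computes how long resolvers may cache that NXDOMAIN under RFC 2308. The sample text is excerpted from the dig output quoted in the post; the function names and the 300-second threshold are assumptions made for the illustration.

```python
import re

# Excerpts of the two dig responses quoted in the post (not live data).
SCO_COM = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3227
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 5
;; ANSWER SECTION:
sco.com.   21600  IN  SOA  ns.calderasystems.com. hostmaster.caldera.com. 2004020105 3600 900 604800 1800
sco.com.   60     IN  A    216.250.128.21
sco.com.   60     IN  MX   10 mail.ut.caldera.com.
sco.com.   21600  IN  NS   ns2.calderasystems.com.
"""
WWW_SCO_COM = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30674
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
sco.com.   1800   IN  SOA  ns.calderasystems.com. hostmaster.caldera.com. 2004020105 3600 900 604800 1800
"""

STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r"^;; flags: ([a-z ]+);", re.M)
# name, TTL, class IN, type, rdata; comment lines starting with ';' never match
RECORD = re.compile(r"^([^;\s]\S*)[ \t]+(\d+)[ \t]+IN[ \t]+(\S+)[ \t]+(.+)$", re.M)

def parse_dig(text):
    """Return status, the 'aa' (authoritative answer) flag and all records."""
    flags = FLAGS.search(text).group(1).split()
    records = [(n, int(ttl), t, d.strip()) for n, ttl, t, d in RECORD.findall(text)]
    return {"status": STATUS.search(text).group(1),
            "authoritative": "aa" in flags,
            "records": records}

def short_ttl_records(resp, threshold=300):
    """Records whose TTL lets the owner repoint them within `threshold` seconds."""
    return [(n, t, ttl) for n, ttl, t, _ in resp["records"] if ttl <= threshold]

def negative_cache_seconds(resp):
    """For an authoritative NXDOMAIN, RFC 2308 caps caching of the negative
    answer at min(TTL of the SOA record, SOA MINIMUM field)."""
    if resp["status"] != "NXDOMAIN" or not resp["authoritative"]:
        return None
    for _, ttl, rtype, rdata in resp["records"]:
        if rtype == "SOA":
            return min(ttl, int(rdata.split()[-1]))
    return None

if __name__ == "__main__":
    print(short_ttl_records(parse_dig(SCO_COM)))
    print(negative_cache_seconds(parse_dig(WWW_SCO_COM)))
```

On these excerpts the A and MX records are the only ones flagged, while the www.sco.com NXDOMAIN can be cached for 1800 seconds, far longer than the 60-second positive answers.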


