There have been a half dozen folks who said today they could not access Cryptome, but it's accessible from here. And there are only a half dozen blocks of rampaging bots. However, we are in the process of switching the archives to new machines and IP address changes are in the works -- completion due any day now. I had thought that was the problem but at the moment cryptome.org and jya.com still go to the current machine. The reason for the change is that the current machine has been swamped with worms and our ISP, Verio, has not been able to get rid of them, not even with a total wipe of the storage and new programs, nor have any suggestions worked. So two new machines have been rented to try a fresh start. Cryptome on one, jya.com on the other -- heretofore both were on a single machine. Copies of the archives have been transferred, so there are two sets at the moment, the current box and the new ones. New addresses: cryptome.org 161.58.201.197 jya.com 128.121.222.215 We're dreading the ravenous worms coming, and the locust-plague of spiders and bots. We'll see which box gets hit first and from where the predators originate. Oddly, even before we loaded one of the machines its log showed a sustained worm attack of hours long error messages, then the hits ceased, as if worms withdrew to await http prey. Weird shit out there.

jya.com is fine, cryptome.org's dns servers haven't updated. You might well be using old BIND zone files, if your version of BIND was upgraded, make sure you check the SOA section of the zone file, as with newer versions different syntax was used, check out your logs for named errors on startup. Let me know if that makes any sense. --Gabe gabe@lurch:~$ whois cryptome.org Whois Server Version 1.3 Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: CRYPTOME.ORG Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: NS1.SECURE.NET Name Server: NS2.SECURE.NET Updated Date: 01-oct-2001 gabe@lurch:~$ host -a cryptome.org NS1.SECURE.NET Using domain server: Name: NS1.SECURE.NET Address: 192.41.1.10 Aliases: Trying null domain rcode = 0 (Success), ancount=2 The following answer is not authoritative: The following answer is not verified as authentic by the server: cryptome.org 114490 IN NS NS1.SECURE.NET cryptome.org 114490 IN NS NS2.SECURE.NET For authoritative answers, see: cryptome.org 114490 IN NS NS1.SECURE.NET cryptome.org 114490 IN NS NS2.SECURE.NET Additional information: NS1.SECURE.NET 86400 IN A 192.41.1.10 NS2.SECURE.NET 86400 IN A 161.58.9.10 -- "It's not brave, if you're not scared."

Another useful stopgap is the dynamic DNS providers, such as dyndns.org, which give you a third-level domain and convenient tools for updating your information. They're oriented towards the dial/dsl/cablemodem users who want to run web sites and other servers from machines that have dynamic IP addresses - your machine keeps them updated with your current address, so people who connect to yourmachine.theirservice.net get to wherever you are now.

At 05:52 AM 10/03/2001 -0700, John Young wrote:

However, now I learn that Verio uses one DNS server for the two boxes so an attacker needs only to throw one stone to kill both our birds. Grrr. That is what we wanted to avoid.

A smart sales rep assured me that this was the way to go, after I had placed two orders for two machines to keep them separate. No need for that he said, let me tell you a better way. No doubt my simple-minded security method would have been breached by some Verio setup based on its own Japanese government spying principles, which is to say I can't escape being terrorized by Ashcroft.

Domain names are supposed to have at least one primary DNS server and at least one secondary DNS server, and some names will arrange to have more than one secondary. It wouldn't be at all surprising if Verio uses one server as the primary for both names and one as the secondary for both. It's probably worthwhile for you to arrange another secondary - there are crypto-friendly sites that will probably be happy to do so (e.g. toad.com, havenco.com, thebunker.net, etc.)

John Young writes:

We had ordered that the two domains be put on two different boxes, geographically distant, to avoid both sites going down if one was knocked out. Hey, there's WMD about called PATRIOT.

The DNS has redundancy designed into it; there is no real advantage to having a disjoint set of servers for the two domains. You may as well have the widest possible set of servers for both.

However, now I learn that Verio uses one DNS server for the two boxes so an attacker needs only to throw one stone to kill both our birds. Grrr. That is what we wanted to avoid.

That doesn't seem right; traceroutes to both servers indicate that they are likely topologically distant. One appears to be around Washington, DC, and the other somewhere on the west coast.

A smart sales rep assured me that this was the way to go, after I had placed two orders for two machines to keep them separate. No need for that he said, let me tell you a better way. No doubt my simple-minded security method would have been breached by some Verio setup based on its own Japanese government spying principles, which is to say I can't escape being terrorized by Ashcroft.

Indeed so.

Yep, http://cryptome.org The IP address that John sent DOES work, so it is looking like an DNS issue. -Neil ----- Original Message ----- From: "Tim May" To: Sent: Tuesday, October 02, 2001 10:23 PM Subject: Re: cryptome down ?

On Tuesday, October 2, 2001, at 06:28 PM, Neil Johnson wrote:

...

Hmm, I get a "Cannot Find server or DNS error"

I tried from work, and I tried it from home.

Unless John had to ban both due to robot issues.

Oh well.

You sure you're entering cryptome.org, and not cryptome.com?

I jut tried it yet again, 8:20 pm PDT, and it works fine.

--Tim May

I've just tried it from a server in MN, and another one in AL, and, previously, from here in WI. Nada -- it doesn't exiest anymore. "can't find cryptome.org: Non-existent host/domain" -- Harmon Seaver, MLIS CyberShamanix Work 920-203-9633 Home 920-233-5820 hseaver@cybershamanix.com http://www.cybershamanix.com/resume.html