DAL Emergency Calls The US State Dept [re: TLSA lookup]
the US State Dept had a phone number for journalists to contact. It has since been removed ... interpret the ... significance
https://www.youtube.com/watch?v=HQA4vwynYhY https://www.youtube.com/watch?v=3IiBYJCd-Rw https://www.youtube.com/watch?v=C3DWoKspEs0 https://www.youtube.com/watch?v=HO17B-ACRn0 https://www.youtube.com/watch?v=AByemfK_qD4 https://www.youtube.com/watch?v=ffxVap-1L1Y https://www.youtube.com/watch?v=7ZmP605cKdQ https://archive.org/details/HowtoUse1927 https://duckduckgo.com/?iar=videos&iax=videos&ia=videos&q=how+to+record+phone+calls Once you figure it all out, be sure to upload the recording and post the link here.
I should clarify, I already know these four things, "25 means SSL" and "$ dig +short mx state.gov" and "their server is misconfigured" and "bureaucrats operating on behalf of powerful people make it hard for rando freelancers to ask them questions." Simply saying those four things, isn't the slam-dunk tech bros think it is. If anybody can usefully provide history/context/implications for TLSA errors, including the fact that nothing further can really be discerned technically, if that is such a fact, then go for it. Or as the Vietnamese anarchist told the US celebrity activist when he asked about attentats, "go pho it." Doug
On Mon, Oct 25, 2021, 3:45 AM Douglas Lucas <dal@riseup.net> wrote:
I should clarify, I already know these four things, "25 means SSL" and
please speak clearly, that makes no sense; did you make an error?
"bureaucrats operating on behalf of powerful people make it hard for rando freelancers to ask them questions."
helpful information, technologists don't always think of this including the fact that nothing further can really be discerned
technically
Ow, that's never true, and likely millions of people are believing it. it. Or as the
Vietnamese anarchist told the US celebrity activist when he asked about attentats, "go pho it."
pho -> photo . we need clear complete logs to diagnose, discuss, and pressure issues.
On Sun, 24 Oct 2021 22:50:29 -0700 Douglas Lucas <dal@riseup.net> wrote:
I should clarify, I already know these four things, "25 means SSL"
no it doesn't. 25 is the port for smtp arpanet search for TLSA https://en.wikipedia.org/wiki/TLSA DNS-based Authentication of Named Entities and funny how the arpanet works - you're already indexed! https://old.reddit.com/r/techsupport/comments/qf6w0o/meaning_of_tlsa_lookup_...
There are further questions on the reddit link.
- How often do the TLSA lookup errors happen at large organizations?
It is a serious error that should be immediately fixed by all responsible parties. Like the water not working. Your questions are both good and irritating. They are important and rarely asked. The proper response in my universe is to find the technicians and groups responsible and inform them of the details until it is fixed. Usually started at normal points of contact for the organizations involved. i.e. millenial hobby sysadmin culture. Sometimes they offer you a job in the process. Data gathering is helpful too. Governments have historically needed help with technical things. Dunno what the case is now. The domain name probably has a technical contact listed in its registration.
On Sun, 24 Oct 2021 22:50:29 -0700 Douglas Lucas <dal@riseup.net> wrote:
I should clarify, I already know these four things, "25 means SSL"
furthermore telnet stimson.state.gov 25 telnet: can't connect to remote host (169.252.4.132): No route to host telnet stimson.state.gov 80 connects so, at face value, nothing is listening on port 25
furthermore
telnet stimson.state.gov 25 telnet: can't connect to remote host (169.252.4.132): No route to host
telnet stimson.state.gov 80 connects
so, at face value, nothing is listening on port 25
0.o is that a real log? The error message pertains to the host, not the port. I'm having experiences like that, too.
On Mon, 25 Oct 2021 15:45:59 -0400 Karl Semich <0xloem@gmail.com> wrote:
furthermore
telnet stimson.state.gov 25 telnet: can't connect to remote host (169.252.4.132): No route to host
telnet stimson.state.gov 80 connects
so, at face value, nothing is listening on port 25
0.o is that a real log?
The error message pertains to the host, not the port.
that's what busybox's telnet says. Python says socket.error: [Errno 113] No route to host so it looks like the idiotic message "no route to host" means : can't connect to x.x.x.x:port -- so the error message pertains to the host:port combination and it's badly worded.
I'm having experiences like that, too.
On Mon, Oct 25, 2021, 4:24 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 25 Oct 2021 15:45:59 -0400 Karl Semich <0xloem@gmail.com> wrote:
furthermore
telnet stimson.state.gov 25 telnet: can't connect to remote host (169.252.4.132): No route
to
host
telnet stimson.state.gov 80 connects
so, at face value, nothing is listening on port 25
0.o is that a real log?
The error message pertains to the host, not the port.
that's what busybox's telnet says. Python says
socket.error: [Errno 113] No route to host
so it looks like the idiotic message "no route to host" means : can't connect to x.x.x.x:port -- so the error message pertains to the host:port combination and it's badly worded.
usually "no route to host" is from the x.x.x.x but is unrelated to the port. it's possible it could appear related to the port due to random timing or something could be intentionally triggering the not-usually-port-related error only attempts to connect to the port were made maybe routing has changed in the past ten years?
I'm having experiences like that, too.
On Mon, 25 Oct 2021 16:54:56 -0400 Karl Semich <0xloem@gmail.com> wrote:
usually "no route to host" is from the x.x.x.x but is unrelated to the port.
I never really checked, but like I said, at first sight, it looks like it IS related to the port. I'm not going to bother looking at the manual, but you can if you want. It's error 113... At any rate, from here the 'host' is fine and there's nothing on port 25, or it's rejecting connections on port 25 and giving a misleading error on purpose. Second option is less likely.
it's possible it could appear related to the port due to random timing
or something could be intentionally triggering the not-usually-port-related error only attempts to connect to the port were made
yes. So you can try connecting. Since you're in the US you won't be discriminated based on country.
maybe routing has changed in the past ten years?
nah, it still is all the old arpanet stuff.
I'm having experiences like that, too.
On Mon, Oct 25, 2021, 5:24 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 25 Oct 2021 16:54:56 -0400 Karl Semich <0xloem@gmail.com> wrote:
usually "no route to host" is from the x.x.x.x but is unrelated to the port.
I never really checked, but like I said, at first sight, it looks like it IS related to the port. I'm not going to bother looking at the manual, but you can if you want. It's error 113...
At any rate, from here the 'host' is fine and there's nothing on port 25, or it's rejecting connections on port 25 and giving a misleading error on purpose. Second option is less likely.
it's possible it could appear related to the port due to random timing
or something could be intentionally triggering the
not-usually-port-related
error only attempts to connect to the port were made
yes. So you can try connecting. Since you're in the US you won't be discriminated based on country.
$ telnet stimson.state.gov 25 Trying 169.252.4.133... Connected to stimson.state.gov. Escape character is '^]'. 554-stimson.state.gov 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means. Connection closed by foreign host. Usually when a port isn't responding you'll get "timed out", "closed", "rejected" . port 79 times out for me. dunno.
maybe routing has changed in the past ten years?
nah, it still is all the old arpanet stuff.
I'm having experiences like that, too.
On Mon, 25 Oct 2021 17:32:26 -0400 Karl Semich <0xloem@gmail.com> wrote:
yes. So you can try connecting. Since you're in the US you won't be discriminated based on country.
$ telnet stimson.state.gov 25 Trying 169.252.4.133... Connected to stimson.state.gov.
he he he
Escape character is '^]'. 554-stimson.state.gov 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
lovely, use 'alternate means'
Connection closed by foreign host.
Usually when a port isn't responding you'll get "timed out", "closed", "rejected" . port 79 times out for me.
telnet localhost 666 telnet: can't connect to remote host (127.0.0.1): Connection refused ok, so 'refused'.
participants (5)
-
Douglas Lucas
-
grarpamp
-
Karl
-
Karl Semich
-
Punk-BatSoup-Stasi 2.0