portland independent media center  
images audio video
newswire article announcements global

technology

My investigation into indymedia.org probs

I did a quick investigation into what has gone wrong with the indymedia.org sites and here are the results...
I did a "whois" on indymedia.org and discovered that these are the nameservers (computers that point out the address of all indymedia.org servers):

Name Server:BLACK.CAT.ORG.AU
This is returning pings.

Name Server:FS.FREESPEECH.ORG
This is NOT returning pings.

Name Server:NS1.RISEUP.NET
This is returning pings.

Hmm, I thought, its not a nameserver problem because the other two (apart from fs.freespeech.org) should be capable of finding it. So I ran a traceroute on dc.indymedia.org and it returned an "unknown host" error. So it IS a nameserver problem after all!

Maybe the whois info is out of date and all nameserver requests are going though freespeech after all...?

So I ran a traceroute on fs.freespeech.org and it seemed to get all the way there (hopping over to NYC and then into freespeechTV systems in Boulder in 20 hops).

nmapping fs.freespeech.org gave the following output:

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on fs.freespeech.org (206.168.174.3):
(The 1010 ports scanned but not shown below are in state: filtered)
Port State Service
20/tcp closed ftp-data
21/tcp closed ftp
22/tcp open ssh
25/tcp closed smtp
53/tcp closed domain
80/tcp closed http
100/tcp closed newacct
109/tcp closed pop-2
110/tcp closed pop-3
123/tcp closed ntp
143/tcp closed imap2
443/tcp closed https

(all other ports are closed)

As you can see - port 53 (the nameserver that should be telling people where to find indymedia.org servers) is closed. Infact, everything is closed apart from ssh - which could mean they are doing remote maintenance but its 4am over there, which is black-hat time and I would hazard a guess that this is malicious.

Anyone have the phone number of peeps from freespeechTV in Colorado?

Bo!
Dannyboy
Hopefully the IMC techies will fill us in 23.Jul.2003 04:35

Reader

I'm sure that plenty of us, along with myself, are very interested in what happened. Please don't keep us in the dark.

The first thing that comes to mind is some right wing hacker knocked IMC offline for a while. If that is the case, I hope everything is being done to ensure that this doesn't happen again. A bunch of geeks, even left wing geeks, should be able to implement a bulletproof site.

And if it was a hacking, go after the perpetrator.

root name server issue 23.Jul.2003 11:29

pdxtech

We are unsure as to what the problem was as it affected the root indymedia.org name servers. That is why all names ending in indymedia.org did not work while all others did. However, portland does not have a strong working relationship with those who manage the root name servers. It is my understanding that they have had problems before. We will be taking steps to provide alternative domain names on different servers and publicizing those names so there will be alternatives available for our readers. In addition, we will be making some proposals to the indymedia dns group about ways to remedy these sorts of problems in the future. We apologize for any inconvenience.