This is an email I’m circulating on a few mailing lists, tracking down a weird problem I ran into today. If anyone knows more, please comment.
I’m doing some routine maintenance on our mail server and tracking back IP addresses with a database that queries various WHOIS servers. To my surprise, the .mil whois server at whois.nic.mil is offline — the domain itself doesn’t resolve any longer.
I spoke to the very nice customer support representative at the phone number I found on the web, who told me the following:
1) he wasn’t sure if this service was *ever* public. Which I find interesting, as it’s a coded flag in the whois man page.
2) he said I should refer all IPs I need to review directly to DoD CERT.
3) he said that he received many calls like this, and it’s “always” people spoofing the IP addresses of .mil computers. I mentioned that since I’m tracking spam flow, it’s likely to be someone with a legitimate .mil address and a compromised computer. He referred me again to CERT.
Anyway, this struck me as *very* odd, and I feel like I’m showing up in the middle of the story. Anyone know more about this?
My mom’s AOL account has gone flaky today as of about one hour ago; she can’t email to my Yahoo account, and my work account can’t email to her. She called AOL, and there’s a problem going on that they know about.
Maybe related, maybe not, who knows.
Internet Health Report shows good connections today: http://www.internethealthreport.com
I’d be surprised if this is a flakiness issue — the guy on the other end sounded pretty confident that this was a deliberate choice on the part of the .mil folks. He just seemed unclear on the concept of why it was a bad choice.