On 01/29/2010 08:30 PM, Robert D. Scott wrote:
Looks like an internal problem to BoA. The redirect works, and I get an
immediate reply. The https redirect page appears boinked. Even with a -k
curl took over 30 seconds to get the page, and the browser would have timed
out.
Hi,
Just noticed this article, maybe BoA is also a target ?:
CIA, PayPal under bizarre SSL assault
The "massive" flood of requests is made over the websites' SSL, or
secure-sockets layer, port, causing them to consume more resources than
normal connections, according to researchers at Shadowserver Foundation,
a volunteer security collective. The torrent started about a week ago
and appears to be caused by recent changes made to a botnet known as
Pushdo <http://www.theregister.co.uk/2008/02/29/botnet_spam_deluge/>.
http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129
Maybe that has something to do with this ?
Hope you have a nice weekend.
rob...@robert ~
$ curl -i -G www.bankofamerica.com
HTTP/1.1 301 Moved Permanently
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 29 Jan 2010 19:25:08 GMT
Content-length: 122
Content-type: text/html
Location: https://www.bankofamerica.com/index.jsp
Connection: close
<HTML><HEAD><TITLE>Moved Permanently</TITLE></HEAD>
<BODY><H1>Moved Permanently</H1>
An error has occurred.
</BODY></HTML>
rob...@robert ~
$ curl -i -G www.bankofamerica.com
HTTP/1.1 301 Moved Permanently
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 29 Jan 2010 19:25:28 GMT
Content-length: 122
Content-type: text/html
Location: https://www.bankofamerica.com/index.jsp
Connection: close
<HTML><HEAD><TITLE>Moved Permanently</TITLE></HEAD>
<BODY><H1>Moved Permanently</H1>
An error has occurred.
</BODY></HTML>
rob...@robert ~
$ curl -i -G https://www.bankofamerica.com/index.jsp
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
rob...@robert ~
$ curl -k -i -G https://www.bankofamerica.com/index.jsp
Robert D. Scott rob...@ufl.edu
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Phone Tree
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611 321-663-0421 Cell
-----Original Message-----
From: John Palmer (NANOG Acct) [mailto:nan...@adns.net]
Sent: Friday, January 29, 2010 2:22 PM
To: NANOG list
Subject: Level 3 DC issues?
Anyone see any connectivity issues with Level-3 in the DC area? This issue
is causing big latency problems
that appeared to have taken out Bank of America's website.