On Apr 13, 2011, at 6:17 PM, Daniel Kahn Gillmor wrote:

Hello,

> I wouldn't be surprised if the recent burst was related to Jonathon
> Weiss' recent work getting pgp.mit.edu to sync again.

At least for us, the sync came exactly from the MIT pgp server

(zcat recon.log.[543].gz ; cat recon.log.1 recon.log )| egrep '[0-9]{3,} hashes'
2011-04-12 03:46:29 2892 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 04:04:01 2893 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 04:22:02 2893 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 05:17:27 2891 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 05:30:47 2894 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 05:48:57 2884 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 06:40:40 2886 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 07:36:14 2884 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 08:22:08 2885 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 08:37:44 2889 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 09:40:08 2884 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 10:20:36 2884 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 10:47:45 2885 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 11:48:08 2886 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 12:13:01 452 hashes recovered from <ADDR_INET [62.48.53.90]:11371>
2011-04-12 12:42:02 2891 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 13:14:07 2889 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 13:31:17 2889 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 14:44:17 2901 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 14:58:39 2906 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 15:23:26 2904 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 15:38:16 2906 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 16:21:18 2894 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 16:39:57 2897 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 17:49:11 2915 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 19:33:18 2885 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 19:54:43 2891 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 20:44:40 2893 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 21:28:25 2888 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 22:19:36 2887 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 22:47:57 2890 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-12 23:58:32 2887 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 00:20:20 2887 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 00:33:24 2894 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 02:16:46 2884 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 02:48:58 2885 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 06:01:01 2886 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 06:54:32 2888 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 07:19:15 2889 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 08:01:25 2884 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 10:35:15 2888 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 10:57:53 2897 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 12:08:38 2885 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 12:33:06 2885 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 13:25:16 2888 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 14:51:39 2889 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 15:16:02 2890 hashes recovered from <ADDR_INET [18.9.60.141]:17311>
2011-04-13 17:07:33 2894 hashes recovered from <ADDR_INET [18.9.60.141]:17311>

nslookup 18.9.60.141
Server: 130.206.1.39
Address: 130.206.1.39#53

Non-authoritative answer:
141.60.9.18.in-addr.arpa name = CRYPTONOMICON.MIT.EDU.

regards
paco

>> Sure it's an interesting challenge to try and find a "smoking gun".
>
> Thinking through what sort of analysis is actually possible (and
> optionally, what additional log info we might want for forensics like
> this) is a useful exercise, i think.
>
> --dkg
>
> _______________________________________________
> Sks-devel mailing list
> Sks-devel@nongnu.org
> http://lists.nongnu.org/mailman/listinfo/sks-devel
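The per-peer analysis done by eye in the message above, as an added example that is not part of the original thread or of SKS itself: it groups "hashes recovered" lines in a recon.log by source peer and reports event count, total hashes and first/last timestamp, so a single dominant peer stands out. The function names and the sample log lines are assumptions made for the example (the lines are constructed, using documentation addresses); the default threshold of 100 mirrors the three-digit egrep filter in the post.

```shell
#!/bin/sh
# Added example: per-peer summary of large reconciliation events in recon.log.
# Usage: recon_summary [MIN_HASHES] < recon.log
# Output columns: peer events total_hashes first_seen last_seen
recon_summary() {
    min="${1:-100}"   # 100 == same cut-off as egrep '[0-9]{3,} hashes'
    awk -v min="$min" '
        # Match: DATE TIME N hashes recovered from <ADDR_INET [IP]:PORT>
        $4 == "hashes" && $5 == "recovered" && $3 ~ /^[0-9]+$/ && $3 + 0 >= min {
            peer = $8
            gsub(/^\[|\]:[0-9]+>$/, "", peer)   # "[ip]:port>" -> "ip"
            ts = $1 "T" $2
            events[peer]++
            total[peer] += $3
            if (!(peer in first)) first[peer] = ts
            last[peer] = ts
        }
        END {
            for (p in events)
                print p, events[p], total[p], first[p], last[p]
        }
    ' | sort -k3,3nr -k1,1     # heaviest peer first
}

# Constructed sample input in the recon.log line format quoted in the post.
sample_recon_log() {
    cat <<'EOF'
2011-04-12 03:46:29 2892 hashes recovered from <ADDR_INET [192.0.2.10]:11370>
2011-04-12 04:04:01 2893 hashes recovered from <ADDR_INET [192.0.2.10]:11370>
2011-04-12 04:30:00 12 hashes recovered from <ADDR_INET [198.51.100.7]:11370>
2011-04-12 04:31:00 unrelated line that must be ignored
2011-04-12 05:17:27 2885 hashes recovered from <ADDR_INET [192.0.2.10]:11370>
2011-04-12 12:13:01 452 hashes recovered from <ADDR_INET [198.51.100.7]:11370>
EOF
}

sample_recon_log | recon_summary
```

On a real server the input would be the same concatenation used in the post, for example `(zcat recon.log.[543].gz ; cat recon.log.1 recon.log) | recon_summary`.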