[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Danny McPherson danny at tcb.net
Fri May 23 15:33:22 UTC 2008


On May 23, 2008, at 9:24 AM, Duane Wessels wrote:
>
> I guess for me there is another very important aspect to this
> problem.  In this case, multiple third parties were able to announce
> routes for the root server address and receive queries.  According
> to what Robert Edmonds showed us, AS 42909 was announcing
> 198.32.64.0/24 from 2007-12-15 until 2008-05-17.  Five months and
> nobody noticed!

I agree, and that's one of my greatest concerns as well.  Five
months and no one (ICANN) operating that server noticed?
Were this any type of for-profit operation this could have been
a real problem :-)

> Now granted this was the old address and they were answering honestly,
> but the stream of query data they received has huge value to people
> in the DNS monetization business (and others).

I'd be more concerned with the integrity of the queries and
use for malicious purposes than the monetization of DNS
data bit, but yet, point stands.

-danny


