[dns-operations] Hijacking of Google Public DNS in Turkey documented
Alexander Neilson
alexander at neilson.net.nz
Sun Mar 30 20:13:29 UTC 2014
Have you done a lookup on public IP Address of those two nodes?
Or any analysis of this variance? Using over the border internet? tunnelling?
Regards
Alexander
Alexander Neilson
Neilson Productions Limited
alexander at neilson.net.nz
021 329 681
022 456 2326
On 31/03/2014, at 3:57 am, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>> http://www.bortzmeyer.org/dns-routing-hijack-turkey.html
>
> Here is the result of a lookup of whoami.akamai.net from the ten
> turkish RIPE Atlas probes:
>
> [74.125.18.80] : 2 occurrences
> [195.175.255.66] : 8 occurrences
>
> 74.125.18.80 is Google, 195.175.255.66 Turkish Telecom. So, no, Google
> Public DNS is not proxied but replaced by an impostor which is a full
> recursor.
>
> [All measurements show that 2 Atlas probes in Turkey do not see the
> hijacking (the first two in the output above). I don't know why these
> two are spared.]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4154 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140331/e328989f/attachment.bin>
More information about the dns-operations
mailing list