[dns-operations] Hijacking of Google Public DNS in Turkey documented

Alexander Neilson alexander at neilson.net.nz
Sun Mar 30 20:13:29 UTC 2014


Have you done a lookup on the public IP address of those two nodes?

Or any analysis of this variance? Using over-the-border internet? Tunnelling?

Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexander at neilson.net.nz
021 329 681
022 456 2326

On 31/03/2014, at 3:57 am, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

>> http://www.bortzmeyer.org/dns-routing-hijack-turkey.html
> 
> Here is the result of a lookup of whoami.akamai.net from the ten
> Turkish RIPE Atlas probes:
> 
> [74.125.18.80] : 2 occurrences
> [195.175.255.66] : 8 occurrences
> 
> 74.125.18.80 is Google, 195.175.255.66 Turkish Telecom. So, no, Google
> Public DNS is not proxied but replaced by an impostor which is a full
> recursor.
> 
> [All measurements show that 2 Atlas probes in Turkey do not see the
> hijacking (the first two in the output above). I don't know why these
> two are spared.]
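
The whoami.akamai.net check described in the quoted message, as an added example that is not part of the original thread: it tallies the resolver egress address each probe saw and flags probes whose answer falls outside the expected operator's ranges. The probe ids and the `EXPECTED_EGRESS` prefix are assumptions made for illustration; the two addresses and their counts are the ones quoted above.

```python
import ipaddress
from collections import Counter

# Assumption: stand-in for the resolver operator's published egress ranges,
# chosen here only so that it contains the Google address quoted in the thread.
EXPECTED_EGRESS = [ipaddress.ip_network("74.125.0.0/16")]

# Constructed sample: (probe_id, A records for whoami.akamai.net as resolved
# through the public resolver). Probe ids are made up; counts mirror the message.
SAMPLE = [(1001, ["74.125.18.80"]), (1002, ["74.125.18.80"])] + [
    (pid, ["195.175.255.66"]) for pid in range(1003, 1011)
]

def is_expected(addr, networks=EXPECTED_EGRESS):
    """True if addr parses as an IP and lies inside one of the expected ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # a malformed answer is never treated as legitimate
    return any(ip in net for net in networks)

def classify(results, networks=EXPECTED_EGRESS):
    """Return (tally of answers, {probe_id: unexpected egress addresses})."""
    tally, suspect = Counter(), {}
    for probe_id, answers in results:
        if not answers:
            # A timeout or empty answer is inconclusive, not proof of hijacking.
            tally["<no answer>"] += 1
            continue
        tally.update(answers)
        bad = [a for a in answers if not is_expected(a, networks)]
        if bad:
            suspect[probe_id] = bad
    return tally, suspect

if __name__ == "__main__":
    tally, suspect = classify(SAMPLE)
    for addr, count in tally.most_common():
        label = "expected" if is_expected(addr) else "UNEXPECTED"
        print(f"[{addr}] : {count} occurrences ({label})")
    print("probes reaching an unexpected recursor:", sorted(suspect))
```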
