[dns-operations] Hijacking of Google Public DNS in Turkey documented
Paul Ferguson
fergdawgster at mykolab.com
Sun Mar 30 22:14:16 UTC 2014
See also:
http://www.renesys.com/2014/03/turkish-internet-censorship/
- ferg
On 3/30/2014 1:13 PM, Alexander Neilson wrote:
> Have you done a lookup on public IP Address of those two nodes?
>
> Or any analysis of this variance? Using over the border internet?
> tunnelling?
>
> Regards Alexander
>
> Alexander Neilson Neilson Productions Limited
>
> alexander at neilson.net.nz 021 329 681 022 456 2326
>
> On 31/03/2014, at 3:57 am, Stephane Bortzmeyer <bortzmeyer at nic.fr>
> wrote:
>
>>> http://www.bortzmeyer.org/dns-routing-hijack-turkey.html
>>
>> Here is the result of a lookup of whoami.akamai.net from the ten
>> Turkish RIPE Atlas probes:
>>
>> [74.125.18.80] : 2 occurrences
>> [195.175.255.66] : 8 occurrences
>>
>> 74.125.18.80 is Google, 195.175.255.66 Turkish Telecom. So, no,
>> Google Public DNS is not proxied but replaced by an impostor
>> which is a full recursor.
>>
>> [All measurements show that 2 Atlas probes in Turkey do not see
>> the hijacking (the first two in the output above). I don't know
>> why these two are spared.]
>
--
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
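Added example, not written by anyone in this thread: the whoami.akamai.net check quoted above returns the address of the recursor that actually contacted the authoritative server, so a per-probe tally separates probes served by the expected operator from probes served by a substitute resolver. The probe IDs, the record layout and the single "expected" prefix are assumptions made for illustration; the two addresses and their counts are the ones quoted in the thread.

```python
import ipaddress
from collections import Counter

# Assumption for illustration: one prefix covering the address the thread
# identifies as Google. Not an authoritative list of Google's egress ranges.
EXPECTED_EGRESS = [ipaddress.ip_network("74.125.0.0/16")]

# Constructed sample: per-probe answers to "whoami.akamai.net A" asked via
# 8.8.8.8. Probe IDs are made up; the address counts match the thread.
SAMPLE = (
    [{"probe": 1000 + i, "answers": ["74.125.18.80"]} for i in range(2)]
    + [{"probe": 2000 + i, "answers": ["195.175.255.66"]} for i in range(8)]
)


def classify(results, expected=EXPECTED_EGRESS):
    """Split probes by whether the recursor seen by the authoritative
    server belongs to the operator the probe thought it was querying."""
    tally = Counter()
    report = {"expected": [], "foreign": [], "no_answer": []}
    for r in results:
        addrs = []
        for a in r.get("answers", []):
            try:
                addrs.append(ipaddress.ip_address(a))
            except ValueError:
                continue  # malformed rdata: treat as no usable answer
        if not addrs:
            report["no_answer"].append(r["probe"])
            continue
        tally.update(str(a) for a in addrs)
        ok = all(any(a in net for net in expected) for a in addrs)
        report["expected" if ok else "foreign"].append(r["probe"])
    return tally, report


def format_tally(tally):
    """Render the counts in the same shape as the output quoted in the thread."""
    ordered = sorted(tally.items(), key=lambda kv: kv[1])
    return [f"[{ip}] : {n} occurrences" for ip, n in ordered]


if __name__ == "__main__":
    tally, report = classify(SAMPLE)
    print("\n".join(format_tally(tally)))
    print("probes answered by a foreign recursor:", report["foreign"])
```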