[dns-operations] new public DNS service: 184.108.40.206
cra at WPI.EDU
Mon Nov 20 17:37:46 UTC 2017
On Mon, Nov 20, 2017 at 09:21:53AM -0800, Damian Menscher wrote:
> On Mon, Nov 20, 2017 at 7:58 AM, A. Schulze <sca at andreasschulze.de> wrote:
> > Am 20.11.2017 um 13:08 schrieb Damian Menscher:
> > > If you identify instances of BGP hijacking please report either
> > privately to the victim (Google in your example) or publicly to the nanog
> > mailing list, so corrective action can be taken.
> > is there an easy way to identify an answer from a resolver (aka 220.127.116.11)
> > as an answer from Google?
> > "dig @18.104.22.168 hostname.bind. txt chaos" would be a weak indicator for
> > example
> > but unfortunately, Google don't respond to such queries.
> Given the intent is to detect malicious hijacking, I'm not sure posting a
> query that can be imitated by others is useful. Instead, I recommend
> running a traceroute and confirming the path enters Google's network before
> reaching the final host.
How do I tell from this traceroute?
>traceroute -T -O info -p 53 22.214.171.124
6 et-7-3-0.120.rtsw.newy32aoa.net.internet2.edu (126.96.36.199) 6.450 ms 6.752 ms 6.752 ms
7 lo-0.8.rtr.newy2.net.internet2.edu (188.8.131.52) 6.738 ms 6.833 ms 6.776 ms
8 184.108.40.206 (220.127.116.11) 6.604 ms 18.104.22.168 (22.214.171.124) 6.578 ms 126.96.36.199 (188.8.131.52) 6.536 ms
9 * * *
10 * * *
11 google-public-dns-a.google.com (184.108.40.206) <syn,ack> 7.172 ms 7.211 ms 6.796 ms
More information about the dns-operations