The i-root china reroute finally makes fox news. And congress.
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route... -- Suresh Ramasubramanian (ops.lists@gmail.com)
What's the big deal ? Just look at what the sticker under whatever you are using to type says ... Made in ?
We live in a hijacked world.
Cheers
BTW avoid foxnews, not much operational content there.
On Tue, Nov 16, 2010 at 11:08 AM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, Nov 17, 2010 at 6:09 AM, Jorge Amodio <jmamodio@gmail.com> wrote:
Cheers BTW avoid foxnews, not much operational content there.
I know it, you know it .. and the problem is that operational content turning up there has a nasty way of getting political. As it is, fox news is reporting something which was presented to congress. So, lessigisms like "code is law" aside, I guess yes, it IS political now.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Really? Seems to me like Glenn Beck is always drawing a series of tubes on his chalkboard? They all lead to Godwin's law though. Very strange...
On 11/16/2010 7:39 PM, Jorge Amodio wrote:
What's the big deal ? Just look at what the sticker under whatever you are using to type says ... Made in ?
We live in a hijacked world.
Cheers BTW avoid foxnews, not much operational content there.
On Tue, Nov 16, 2010 at 11:08 AM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Nov 17, 2010, at 1:08 AM, Suresh Ramasubramanian wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
I have read the article and the list, and I'm puzzled. It's pretty clear that the root gets its records from a common source, and that the copies of them being delivered by a given root server were different. As a result, traffic intended to go place A went to place B if the TLD lookup happened to go to the particular root server in question. How did an instance of the root server find itself serving changed records? While there is no obvious indication of who made the change or for what reason, it's unlikely it was accidental. Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There was a technical event that resulted in misrouting of traffic, and while international concerns regarding it had political overtones, the technical event is not a political one. If it was your traffic that had been misrouted, you might have issued expressions of concern. So why respond to it with a political response? Sounds to me like one of the arguments for DNSSEC deployment...
Man in the middle rewriting of DNS query responses is the only thing I can think of.
On Wed, Nov 17, 2010 at 11:47 AM, Fred Baker <fred@cisco.com> wrote:
I have read the article and the list, and I'm puzzled. It's pretty clear that the root gets its records from a common source, and that the copies of them being delivered by a given root server were different. As a result, traffic intended to go place A went to place B if the TLD lookup happened to go to the particular root server in question. How did an instance of the root server find itself serving changed records? While there is no obvious indication of who made the change or for what reason, it's unlikely it was accidental.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, Nov 17, 2010 at 12:13:39PM +0530, Suresh Ramasubramanian <ops.lists@gmail.com> wrote a message of 17 lines which said:
Man in the middle rewriting of DNS query responses is the only thing I can think of.
And it's easy to detect since the rewriter tells the truth about its own name. From China, query "dig @I.root-servers.net CH TXT hostname.bind" and, instead of the normal name of a Netnod instance, you will get a chinese name (such as c1-zaojunmiao-ns1)...
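The identity check described in the message above, as an added example that is not part of the original thread: it builds the same `CH TXT hostname.bind` question and parses the answer from raw DNS bytes. The `EXPECTED` pattern, the name `s1.abc` and the helper `sample_response` are assumptions constructed for illustration; substitute the operator's real instance-naming scheme.

```python
import re
import struct

CH, TXT = 3, 16  # DNS class CHAOS, record type TXT
# Assumption: placeholder for the operator's real instance-naming scheme.
EXPECTED = re.compile(r"s\d+\.[a-z]{3}")

def build_query(qid, name="hostname.bind"):
    """Wire-format CH TXT query, the same question dig sends."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", TXT, CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer terminates the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def parse_identity(msg, qid):
    """Extract the TXT strings of a CH TXT answer; reject mismatched replies."""
    rid, flags, qd, an = struct.unpack("!4H", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful response to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while (rtype, rclass) == (TXT, CH) and i < len(rdata):
            found.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return found

def check(msg, qid, expected=EXPECTED):
    """Pair each reported identity with whether it matches the expected scheme."""
    return [(name, bool(expected.fullmatch(name))) for name in parse_identity(msg, qid)]

def sample_response(qid, ident):
    """Constructed reply for offline use: one CH TXT answer carrying ident."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(ident) + 1)
    return struct.pack("!6H", qid, 0x8400, 1, 1, 0, 0) + build_query(qid)[12:] + rr + bytes([len(ident)]) + ident.encode()

if __name__ == "__main__":
    for ident in ("s1.abc", "c1-zaojunmiao-ns1"):  # first value is constructed
        print(check(sample_response(7, ident), 7))
```

A mismatch flags a response path worth investigating; a matching name proves little on its own, because the identity string is unauthenticated.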
On Nov 16, 2010, at 8:17 PM, Fred Baker wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
I have read the article and the list, and I'm puzzled. It's pretty clear that the root gets its records from a common source, and that the copies of them being delivered by a given root server were different.
Hard to decipher what the Fox report is actually talking about, but I suspect it relates to http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml
Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There was a technical event that resulted in misrouting of traffic, and while international concerns regarding it had political overtones, the technical event is not a political one. If it was your traffic that had been misrouted, you might have issued expressions of concern. So why respond to it with a political response?
As for political vs. technical, it feels (particularly given the Fox report is sourced from a paper on US-China relations) like yet more cyber war drum beating, but that might just be me.
Sounds to me like one of the arguments for DNSSEC deployment...
DNSSEC would let you know something odd happened (if you're doing a DNS lookup, have validation turned on, and can tell the difference between SERVFAIL generated stub resolver timeout and a random Internet brokenness), although it doesn't really give you any tools to fix it. What really needs to be fixed is "routing by rumor".
Regards,
-drc
Greetings,
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
Hard to decipher what the Fox report is actually talking about, but I suspect it relates to http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml
I would echo the thoughts earlier in this thread that the Fox story is making rather non-technical or technically vague statements. As I read the text [*], my suspicion is that this report has very little to do with the I-root's global Beijing instance (exposure to risk here would require DNS tampering, visibility outside China and, to boot, is probabilistic, rather than wholesale). The article makes references to the terms hijacking, redirection, a 'state-owned Chinese telecommunications firm' and 'security vulnerabilities pertaining to Internet routing processes'. It seems much more likely that this article is a digested summary of the routing leak (re-origination) of tens of thousands of prefixes by AS 27374, discussed on this list and detailed by BGPMon:
http://mailman.nanog.org/pipermail/nanog/2010-April/020789.html
http://bgpmon.net/blog/?p=282
Danny McPherson also posted a nice summary here, as well, and identifies the problem we know and love so well (BGP) and even refers to 'routing by rumour', as you did David.
http://mailman.nanog.org/pipermail/nanog/2010-April/020864.html
The Fox story twice refers to 2010-04-18, but the date was 2010-04-08.
-Martin
-- Martin A. Brown --- Renesys Corporation --- mabrown@renesys.com
On 17 nov 2010, at 07.17, Fred Baker wrote:
On Nov 17, 2010, at 1:08 AM, Suresh Ramasubramanian wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
I have read the article and the list, and I'm puzzled. It's pretty clear that the root gets its records from a common source, and that the copies of them being delivered by a given root server were different. As a result, traffic intended to go place A went to place B if the TLD lookup happened to go to the particular root server in question. How did an instance of the root server find itself serving changed records? While there is no obvious indication of who made the change or for what reason, it's unlikely it was accidental.
Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There was a technical event that resulted in misrouting of traffic, and while international concerns regarding it had political overtones, the technical event is not a political one. If it was your traffic that had been misrouted, you might have issued expressions of concern. So why respond to it with a political response?
Sounds to me like one of the arguments for DNSSEC deployment...
Before the rumor mill gets going based on the Renesys work again, the article doesn't mention DNS, it mentions re-routing of traffic. I would like to repeat what we have said in the past. As best as we can tell - no i.root-servers.net instance operated by us has answered incorrectly - ever. We serve the data exactly as we receive it from IANA. When I read the article I assumed it referred to the routing leaks of April 8th that was also discussed on Nanog. But I haven't read the report, nor has anyone contacted us regarding it. Renesys has though, a few weeks ago contacted us to get some data from us on what happened in March.
Best regards,
- kurtis -
On 16 nov 2010, at 18.08, Suresh Ramasubramanian wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
I can detect from the report that this has anything to do with i.root? Can you explain that? Looking at the dates referred to it seem more to be related to the routing leaks on April 8th. Or do you have additional information? Best regards, - kurtis -
On 17 nov 2010, at 15.37, Lindqvist Kurt Erik wrote:
On 16 nov 2010, at 18.08, Suresh Ramasubramanian wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
I can detect from the report that this has anything to do with i.root? Can you explain that?
Apparently typing fast is not a good idea :-( I meant to say "I cannot deduct"...
Looking at the dates referred to it seem more to be related to the routing leaks on April 8th. Or do you have additional information?
Best regards,
- kurtis -
On 17 nov 2010, at 15.37, Lindqvist Kurt Erik wrote:
On 16 nov 2010, at 18.08, Suresh Ramasubramanian wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
I can detect from the report that this has anything to do with i.root? Can you explain that?
Looking at the dates referred to it seem more to be related to the routing leaks on April 8th. Or do you have additional information?
...and the washington post article at http://www.washingtontimes.com/news/2010/nov/15/internet-traffic-was-routed-... seems to refer to April 8th, which matches the route-leak. Did you have any other source?
Best regards,
- kurtis -
I had the timeframe wrong then and it was the April 8 routing leaks. Sorry for the false alarm.
On Wed, Nov 17, 2010 at 8:07 PM, Lindqvist Kurt Erik <kurtis@kurtis.pp.se> wrote:
I can detect from the report that this has anything to do with i.root? Can you explain that?
Looking at the dates referred to it seem more to be related to the routing leaks on April 8th. Or do you have additional information?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
two observations:
1) this sounds/looks like a modern kremvax story
2) what a slow news day
--bill
On Wed, Nov 17, 2010 at 09:07:26PM +0530, Suresh Ramasubramanian wrote:
I had the timeframe wrong then and it was the April 8 routing leaks. Sorry for the false alarm.
On Wed, Nov 17, 2010 at 8:07 PM, Lindqvist Kurt Erik <kurtis@kurtis.pp.se> wrote:
I can detect from the report that this has anything to do with i.root? Can you explain that?
Looking at the dates referred to it seem more to be related to the routing leaks on April 8th. Or do you have additional information?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
I believe the entire mumbo-jumbo badly researched and digested news piece comes from page 241 of the following report:
http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf
Cheers
Jorge
Forgot to include that the "18 minute" reference is on page 244.
-J
On Wed, Nov 17, 2010 at 1:40 PM, Jorge Amodio <jmamodio@gmail.com> wrote:
I believe the entire mumbo-jumbo badly researched and digested news piece comes from page 241 of the following report:
http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf
Cheers Jorge
2010/11/17 Jorge Amodio <jmamodio@gmail.com>:
Forgot to include that the "18 minute" reference is on page 244.
-J
From Renesys blog: http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
-- Saluti Mirko
This little border skirmish is a good reminder that we build and operate one of the key battlegrounds on which all current and future wars are, and will be, fought.
David
On Tue, Nov 16, 2010 at 9:08 AM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-route...
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Mon, Nov 29, 2010 at 10:28 PM, David Hiers <hiersd@gmail.com> wrote:
This little border skirmish is a good reminder that we build and operate one of the key battlegrounds on which all current and future wars are, and will be, fought.
Too much SciFi, nothing better and more effective than a fully loaded ol'gun, the bigger the better, also if it can fly remotely operated. -J
Not if its traffic is re-routed/compromised. ;)
Jeff
On Tue, Nov 30, 2010 at 10:01 AM, Jorge Amodio <jmamodio@gmail.com> wrote:
Too much SciFi, nothing better and more effective than a fully loaded also if it can fly remotely operated.
-J
-- Jeffrey Lyon, Leadership Team
jeffrey.lyon@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications - AS32421
First and Leading in DDoS Protection Solutions
participants (12)
- Andrew Kirch
- bmanning@vacation.karoshi.com
- David Conrad
- David Hiers
- Fred Baker
- Jeffrey Lyon
- Jorge Amodio
- Lindqvist Kurt Erik
- Martin A. Brown
- Mirko Maffioli
- Stephane Bortzmeyer
- Suresh Ramasubramanian