ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] What Could You Do With a Bogus Root Name Server?

  • To: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Subject: Re: [ga] What Could You Do With a Bogus Root Name Server?
  • From: "Joe Baptista" <baptista@xxxxxxxxxxxxxx>
  • Date: Mon, 2 Jun 2008 08:35:13 -0400

Jeff, back in 2002 I warned about what abuses could happen with name servers.


http://www.cynikal.net/users/baptista/papers/Root_Server_Privacy_Complaint.pdf

Glad to see people are finally listening - it only took 6 years.

cheers
joe

On Mon, Jun 2, 2008 at 1:58 AM, Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx>
wrote:

>
> All,
>
>  Back to Dr. Joe's concern, kinda...
>
> See: http://it.slashdot.org/article.pl?sid=08/05/19/1325214&tid=172
> and
> http://www.renesys.com/blog/2008/06/securing_the_root.shtml
>
> 'Identity theft' of a root name server. To emphasize the issue of
> safeguarding such a system, they've now posted an explanation of
> exactly how the situation could be exploited. "It shouldn't be too
> hard to see that you could end up answering every DNS query from
> an organization that came to you for an updated list of root name
> servers. Every one. And you might end up doing this for a very
> long time, especially if your answers were largely correct. An attack
> like this would have no resemblance to the YouTube hijack, where the
> entire planet gets a blank page and it's immediately apparent that
> something isn't right. Obvious events like this will continue to occur,
> and we'll continue to resolve them relatively quickly. But as this
> incident demonstrates, DNS hijacks are far less obvious and potentially
> far more harmful."
>
> Regards,
>
> Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>   Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is
> very often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947])
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> div. of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx
> My Phone: 214-244-4827
>
>


-- 
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084

