ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Root-Servers missing: g.root-servers.net andk.root-servers.net

  • To: Joe Baptista <baptista@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Root-Servers missing: g.root-servers.net andk.root-servers.net
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Mon, 28 Jul 2008 00:29:28 -0700
Joe and all,

  Well I thank you for the digression as it is useful and informational
to a great extent.

  I would slightly disagree that the US or Canadian Military does
a "fairly good job of protecting their infrastructure", as you stated.
The may and seemingly do now, but this is a recent occurrence as
you know the Pentagon's and the Air Forces Email was grossly
hacked only a few months ago and was made newsworthy
accordingly, and rightfully so.

  What is significant and noteworthy is that only recently has it
been finally fully recognized of the inherent insecurity of current
and prevalent configurations of DNS at various levels.  These
security holes have been known for some time but were denied
of down played when several of us in 2001 made note of such
to ICANN and the IANA.  Ergo, as the delay in excepting these
security deficiencies have now come home to roost, as it were,
and causing significant havoc rather precipitously.  Some DN holders
and Service providers still have not made the necessary adjustments
and/or remain in denial.

  Yes the Roots are working now, but were down for a short time,
and seemingly for good reason(s).


Joe Baptista wrote:

>
>
> On Sun, Jul 27, 2008 at 8:26 PM, Jeffrey A.
> Williams <jwkckid1@xxxxxxxxxxxxx> wrote:
>
>      Joe and all,
>
>       Yes indeed the US Military like the Canadian military
>      complex
>      often gets attacks routed through the IANA.  Frankly this is
>      or
>      has been concerning.  I for one am glad to see that as you
>      indicated
>      that the US Military establishment has finnaly taken the
>      wise and
>      necessary course of action and filtered out the IANA mess.
>
>
> Thats not exactly what may be happening.  IANA may not the issue.
> Their network could of been under attack and they took the necessary
> precautions - like filtering out icmp - not IANA.  The roots are
> working last time i checked.
>
> And the U.S. military does a fairly good job of protecting their
> infrastructure.  Mind you when the Republicans commissioned me to do a
> sweep of the DOD DNS infrastructure years ago - they were not looking
> very pretty.  They are much improved these days.  They of all realize
> the internet is a dangerous place to be.  And they take the
> appropriate precautions.
>
> Mind you - I understand the China military find the whole USG, DoD,
> IANA infrastructure very vulnerable to attack - and make fun of it at
> parties.  I think most of that is attributed to vulnerabilities in the
> DNS.
>
> anyway - sorry I digressed.
>
> regards
> joe baptista
>
>
>
>
>      Joe Baptista wrote:
>
>      > I got the same thing on my end this morning.  But it has
>      since been
>      > fixed.  There indeed is an issue at 198.26.75.42 - which
>      is the
>      > department of defense - usa - but it might just be some
>      filtering is
>      > being done to ward off an attack.  DoD gets a lot of cyber
>      attacks on
>      > a daily basis so it looks like 198.26.75.42 is filtering
>      out icmp at
>      > the iana g.root.
>      >
>      > regards
>      > joe baptista
>      >
>      > On Mon, Jul 28, 2008 at 10:25 AM, Peter Dambier
>      <peter@xxxxxxxx>
>      > wrote:
>      >
>      >
>      >      Hello,
>      >
>      >      I guess it might be a local glitch, anycast?
>      >
>      >      Root-Servers SOA records
>      >
>      >
>      soa(".","2008072800","a.root-servers.net","198.41.0.4").
>      >
>      soa(".","2008072701","b.root-servers.net","192.228.79.201").
>
>      >
>      >
>      soa(".","2008072800","c.root-servers.net","192.33.4.12").
>      >
>      soa(".","2008072800","d.root-servers.net","128.8.10.90").
>      >
>      soa(".","2008072800","e.root-servers.net","192.203.230.10").
>
>      >
>      >
>      soa(".","2008072800","f.root-servers.net","192.5.5.241").
>      >      error(".","g.root-servers.net","192.112.36.4","no
>      >      response").
>      >
>      soa(".","2008072800","h.root-servers.net","128.63.2.53").
>      >
>      soa(".","2008072800","i.root-servers.net","192.36.148.17").
>      >
>      soa(".","2008072800","j.root-servers.net","192.58.128.30").
>      >      error(".","k.root-servers.net","193.0.14.129","no
>      >      response").
>      >
>      soa(".","2008072800","l.root-servers.net","199.7.83.42").
>      >
>      soa(".","2008072800","m.root-servers.net","202.12.27.33").
>      >
>      >
>      >      Trying traceroute says
>      >
>      >      traceroute to g.root-servers.net (192.112.36.4), 64
>      hops
>      >      max, 40 byte packets
>      >       1  yttrium.anul.nsa (7.19.30.39)  1 ms  0 ms  0 ms
>      >       2  * * *
>      >       3  217.0.78.58 (217.0.78.58)  46 ms  45 ms  44 ms
>      >       4  62.154.15.161 (62.154.15.161)  177 ms  177 ms
>      178 ms
>      >       5  62.156.128.158 (62.156.128.158)  176 ms  178 ms
>      177 ms
>      >       6  cer-core-02.inet.qwest.net (205.171.139.149)  178
>      ms
>      >      177 ms  178 ms
>      >       7  chi-core-01.inet.qwest.net (67.14.9.10)  178 ms
>      178 ms
>      >      178 ms
>      >       8  * chi-edge-08.inet.qwest.net (205.171.20.118)
>      177 ms *
>      >       9  216.207.8.198 (216.207.8.198)  189 ms  190 ms
>      188 ms
>      >      10  198.26.75.33 (198.26.75.33)  188 ms  190 ms  189
>      ms
>      >      11  198.26.75.42 (198.26.75.42)  188 ms  190 ms  188
>      ms
>      >      12  * * *
>      >      13  * * *
>      >
>      >      So routing does not know where to find "g".
>      >
>      >      traceroute to k.root-servers.net (193.0.14.129), 64
>      hops
>      >      max, 40 byte packets
>      >       1  yttrium.anul.nsa (7.19.30.39)  1 ms  0 ms  0 ms
>      >       2  * * *
>      >       3  217.0.78.54 (217.0.78.54)  46 ms  45 ms  45 ms
>      >       4  194.25.6.201 (194.25.6.201)  63 ms  63 ms  64 ms
>      >       5  f10.router.linx.k.ripe.net (217.79.160.94)  61
>      ms  62
>      >      ms  61 ms
>      >       6  k.root-servers.net (193.0.14.129)  64 ms  63 ms
>      63 ms
>      >
>      >      "k" has come back or has been redirected.
>      >
>      >      Kind regards
>      >      Peter
>      >
>      >      --
>      >      Peter and Karin Dambier
>      >      Planet Communication and Computing Facility
>      >      Rimbacher Strasse 16
>      >      D-69509 Moerlenbach-Bonsweiher
>      >      +49(6209)795-816 (Telekom)
>      >      +49(6252)750-308 (VoIP: sipgate.de)
>      >      mail: peter@xxxxxxxx
>      >      http://www.pccf.net/
>      >      http://www.peter-dambier.de/
>      >      http://iason.site.voila.fr/
>      >      https://sourceforge.net/projects/iason/
>      >
>      >
>      >
>      >
>      > --
>      > Joe Baptista
>      > www.publicroot.org
>      > PublicRoot Consortium
>      >
>      ----------------------------------------------------------------
>
>      > The future of the Internet is Open, Transparent,
>      Inclusive,
>      > Representative & Accountable to the Internet community
>      @large.
>      >
>      ----------------------------------------------------------------
>
>      > Office: +1 (360) 526-6077 (extension 052)
>      > Fax: +1 (509) 479-0084
>      >
>      >
>      Regards,
>
>      Spokesman for INEGroup LLA. - (Over 281k
>      members/stakeholders strong!)
>      "Obedience of the law is the greatest freedom" -
>        Abraham Lincoln
>
>      "Credit should go with the performance of duty and not with
>      what is
>      very often the accident of glory" - Theodore Roosevelt
>
>      "If the probability be called P; the injury, L; and the
>      burden, B;
>      liability depends upon whether B is less than L multiplied
>      by
>      P: i.e., whether B is less than PL."
>      United States v. Carroll Towing  (159 F.2d 169 [2d Cir.
>      1947]
>      =====
>      =========================================================
>      Updated 1/26/04
>      CSO/DIR. Internet Network Eng. SR. Eng. Network data
>      security IDNS.
>      div. of Information Network Eng.  INEG. INC.
>      ABA member in good standing member ID 01257402 E-Mail
>      jwkckid1@xxxxxxxxxxxxx
>      My Phone: 214-244-4827
>
>
>
>
>
> --
> Joe Baptista
> www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
> Office: +1 (360) 526-6077 (extension 052)
> Fax: +1 (509) 479-0084
>
>
Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827
<<< Chronological Index >>>    <<< Thread Index >>>