ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] censorship among root servers

  • To: Andrew McMeikan <andrewm@xxxxxxxxxxxx>
  • Subject: Re: [ga] censorship among root servers
  • From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
  • Date: Fri, 26 Mar 2010 11:48:37 -0430

I was wondering how long this would take to make the rounds. This is a
serious issue. See RFC 2826 http://bit.ly/drkKN8

On Fri, Mar 26, 2010 at 9:47 AM, Andrew McMeikan <andrewm@xxxxxxxxxxxx> wrote:

>
> I was reading
> https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005267.html
>

I first saw it here:


>
> which suggests that some of China's censorship is leaking but would
> seem mostly confined (i.e. not leaking to Japan)
>

First of all, this is a very grave and serious issue having incredible
security repercussions worldwide. If in fact a root server was responding
that facebook could be found at IP address 46.82.174.68 then we have a
problem. A root server the world depends on has been hijacked.

Rod Beckstrom should investigate and report back immediately on what
happened. I remind this group that it only takes one root server to take
over the entire net. I've proven that technical point on two occasions. Rod
should address the following questions:

1. What happened?

2. Did ICANN know i.root server was censoring facebook.com in China?

3. Did ICANN approve this?

Folks - please remember the servers may have been hijacked. ICANN and China
may not have been involved. It's easy to hijack IP numbers. I know some
people over in Amsterdam who hijack IP. It's happened to me.

The problem here, irrespective of censorship or hijacker issues, is if more
sites were tampered with. Was the condition above only restricted to
facebook.com or is it possible other web sites have been compromised? Banks,
governments, finance companies, credit cards etc. etc. etc. We probably
won't ever know. People would just notice a slower response time on the web
because of the proxy in between. This proxy site at 46.82.174.68 and
59.24.3.173 would collect the users' personal information for whatever
domain was being intercepted.

Whoever the root hijacker is, they are behind the proxy sites that were
running at IPv4 addresses 46.82.174.68 and 59.24.3.173. 46.82.174.68
looks like an unallocated block at RIPE and 59.24.3.173 allocated to KT
Corporation in Korea. The company's website looks like a social networking
site. So either they were somehow involved as network providers to the China
ICANN censorship conspiracy or their routing was hacked.

So if this was not an ICANN China conspiracy to test the DNS - then I would
be very worried right now because millions of facebook user accounts could
be compromised.

And I hate to rub everyone's nose in it - but if this in fact did happen and
facebook users were redirected - then it proves my point. To be secure one
should operate their own root servers.



>
> Is this the start to the end of DNS?  Implementing censorship occurs
>  more aggressively as western countries embrace what was previously
> frowned on as totalitarian giving countries that already embrace
> censorship a justifiable position in more extreme censorship.
>
> If root nodes are compromised to the point that they redirect
> queries to false sites then any trust in DNS is lost.
>
> I call on everyone here to support a declaration that:
> "No censorship can be tolerated within the root servers."
> and that this supported declaration be forwarded to the ICANN board
> that they may press China to choose another way to achieve their
> internal policies than polluting a global shared resource.
>
> I trust that this is such a minimalist statement that it can receive
> unanimous support within the general assembly.  My personal views on
> censorship would like to make a much broader statement but without
> this minimal simplistic position for root server trust, I feel that
> there can be no functioning name system.
>
>
Yes - you are absolutely right in all of your concerns and Rod Beckstrom has
to give us some hard answers.

This may very well be the final nail in ICANN's coffin.  This is also a
serious wake up call to governments worldwide. If governments want to
guarantee their people and infrastructure are secure then they have to kiss
the thirteen ugly root sisters goodbye and run their own root infrastructure
or run the risk that some other government or hacker kid can cause havoc to
your networks.

P.S. There is a less technical description of what happened at
http://bit.ly/bZbkB1

regards
joe baptista
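
An added example, not part of the original message: root servers are authoritative only for the root zone, so a query for a name under a delegated TLD such as www.facebook.com normally comes back as a referral (no answer records, NS records in the authority section). The sketch below classifies a raw DNS reply on that basis; the two sample replies are constructed rather than captured, and all function names are hypothetical.

```python
import socket
import struct

def enc(name):
    """Encode a domain name in DNS wire format (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def sample_response(qname, a_ip=None, ns_host=None):
    """Constructed response bytes for the demo; not captured traffic."""
    an = ns = b""
    if a_ip:     # A record whose owner is a compression pointer to the question name
        an = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a_ip)
    if ns_host:  # NS record for "com." in the authority section
        rdata = enc(ns_host)
        ns = enc("com") + struct.pack("!HHIH", 2, 1, 172800, len(rdata)) + rdata
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, int(bool(an)), int(bool(ns)), 0)
    return hdr + enc(qname) + struct.pack("!HH", 1, 1) + an + ns

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label: ends the name
            return off + 1
        off += 1 + n

def classify_root_reply(msg):
    """Classify a reply to a query for a non-root-zone name sent to a root server."""
    _id, _flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip question name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):                      # collect any A records in the answer section
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    if addrs:                                # a root server should not hand out host addresses
        return ("suspicious-answer", addrs)
    return ("referral", []) if ns else ("other", [])

REFERRAL = sample_response("www.facebook.com", ns_host="a.gtld-servers.net")
FORGED = sample_response("www.facebook.com", a_ip="46.82.174.68")
```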

