ICANN/GNSO GNSO Email List Archives

[ga]



[ga] Re: [ NNSquad ] ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall

  • To: McTim <dogwallah@xxxxxxxxx>
  • Subject: [ga] Re: [ NNSquad ] ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall
  • From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
  • Date: Sat, 27 Mar 2010 09:29:17 -0430

see comments below ...

On Sat, Mar 27, 2010 at 1:09 AM, McTim <dogwallah@xxxxxxxxx> wrote:

> Joe,
>
> On Fri, Mar 26, 2010 at 11:21 PM, Joe Baptista <baptista@xxxxxxxxxxxxxx>
> wrote:
> > see comments below ....
> >> I don't understand why you want to drag ICANN into this, it's nothing
> >> to do with them.  They are not aiding or abetting anyone in China who
> >> is messing with DNS replies.
> >
> > If that is the case that neither ICANN nor China are involved as has been
> > reported in some cases
>
> It has been suggested that this is done by agents of the PRC, but it
> has not been suggested (except by you) that ICANN is involved.
>

I don't know if ICANN is involved. That's the speculation. And it makes
sense. Rod Beckstrom at ICANN has been groveling recently before the Chinese
to get them to list their IDN TLDs on the ICANN root. Agreeing to do China's
dirty work makes sense.

But that's only speculation and nothing more. Makes about as much sense as
PRC agents redirecting the root. That's speculation too. So far from what I
have seen of the technical details the only thing we know for certain is
that the root was diverted to some social networking site in Korea.

This could also be a covert inside job for the DNSSEC make work project. Any
of these scenarios is possible. Only ICANN can answer the question "What
Happened" and so far they have been silent on this.


> Both "l" and CNNIC are stating that they are serving the root as they
> should.
>
>  - then it means the root was hijacked.
>
> Not that the root was hijacked, just that certain DNS replies were
> rewritten by a Man in the Middle from one node of one rootop anycast
> node.
>

Not necessarily - unless you have proof of an MitM. If you do, forward it to
me. Right now that's more speculation.

What we need is less speculation and more answers. So far the ICANN
authority has been silent - which is not good because it encourages more
speculation.


>
> That's just as
> > serious as what is being reported. I have already speculated on the GA the
> > incident could be the work of hackers - http://bit.ly/d1nS45 - then again
> > this may be an inside job to push the DNSSEC agenda.
>
> This is not a credible speculation.
>

There is no such animal as credible speculation. There is nothing credible
about speculation. Speculating it could be an inside job to push the DNSSEC
agenda is just as credible as claiming PRC agents are involved.

In fact the DNSSEC make work project agenda is more credible than the PRC
agent claim.

The only thing I can see that offers any clues to what happened are the
answers being given for facebook by the i.root. During the incident
www.facebook.com had an IP address of 46.82.174.68 and facebook.com had an
IP address of 59.24.3.173. 59.24.3.173 is delegated to a Korean social
networking site and 46.82.174.68 looks like a block delegated to the
European Registry.

So if you're looking for "credible speculation" the best we can do based on
the evidence is to suggest some Korean social networking site and the
European Registry (or RIPE) conspired in this attack. And I don't believe
that.

The problem now is that the speculation will continue until we hear from
ICANN. Earth to ICANN? Come in ICANN? What happened?

regards
joe baptista

