[ga] Re: [ NNSquad ] ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall

[Joe Baptista <baptista@xxxxxxxxxxxxxx>]

On Sat, Mar 27, 2010 at 10:27 AM, McTim <dogwallah@xxxxxxxxx> wrote:

> last comments on this ridiculous thread:
>

I hope so too ... :) Peace and love will win the day provided they are
supported on facts. Much of what you are providing me with is pure
speculation .. see below for specific references to same.


>
>
> On Sat, Mar 27, 2010 at 4:59 PM, Joe Baptista <baptista@xxxxxxxxxxxxxx>
> wrote:
> > see comments below ...
> >
> > On Sat, Mar 27, 2010 at 1:09 AM, McTim <dogwallah@xxxxxxxxx> wrote:
> >>
> >> Joe,
> >>
> >> On Fri, Mar 26, 2010 at 11:21 PM, Joe Baptista <baptista@xxxxxxxxxxxxxx
> >
> <snip>
> > I don't know if ICANN is involved. Thats the speculation.
>
> that is YOUR speculation!
>

I think it's possible but unlikely. But I'm not the one speculating. the
speculation started with a message from Andrew McMeikan on the GA concerning
"censorship among root servers" - which see reference: http://bit.ly/9hMM4p

It is I who put a top to that speculation which is why I posted the message
to the GA - which see http://bit.ly/d1nS45 - asking Rod Beckstrom to tell us
what happened. As you can clearly see from the speculation. I speculate this
angle is viable - but unlikely. If I were to put money down on the odds It
would be a long shot gamble. ICANN is crazy enough and desperate enough for
Chinas consent they may very well.

But why should we both be speculating when we have Beckstrom on the GA to
give us answers. So far silence.

Tim the root servers are serious business. Here are the facts - for a period
of time the root servers were hijacked for some people on the Internet -
thats all we know - everything else is speculation. The privacy, security
and confidentiality of unknown millions of users has been hijacked. Now I
expect Beckstrom to answer some simple questions - what happened - who was
involved - talk to us. Silence is not the answer I expect.

Time for ICANN's golden boy to dance and start answering and explaining?
Don't you think Tim that would be better then the joint speculation were
participating in. I need answers. Everyone understanding the ramifications
of what happened needs answers.



>
>  And it makes
> > sense. Rod Becstrom at ICANN has been groveling recently before the
> Chinese
> > to get them to list their IDN TLDs on the ICANN root. Agreeing to do
> China's
> > dirty work makes sense.
>
> it actually makes NO sense
>

Well he has been bending over backwards for them. As you may know Tim - and
as I have reported on the GA for years - the Chinese have been operating
their own national TLD system and they are asking ICANN the same questions
the world should ask. Why should we trust you.

More speculation - could be an inside job. All that ICANN ass kissing in
China may have failed and ICANN needs an excuse. It's a great way to offend
the Chinese. Claim they are responsible - give ICANN a way out of the
negotiations. We will never know. But what we need to know are the facts and
that starts with forensic evidence - and so far I see non of that in your
claim - which is more speculation.


>
>
> >
> > But thats only speculation and nothing more. Makes about as much sense as
> > PRC agents redirecting the root. Thats speculation too.
>
> Apparently not.  DNS-OPS just got this mail:
>

More speculation Tim? Here are the facts as I can see them. The email you
attached - see below contains c code from the google code project to
identify fake DNS packets. The email contains no forensic evidence. The
author of the email 崔莺莺 (Cui Yingying) says the phenomenon is wrong DNS
replies sent by the notorious Great Firewall of China. But it provides no
reference to the data collected or articles on the subject.

I have taken this opportunity to cc Yingying if she could provide us with
further references on this. It would be much appreciated. If Yingying
collected data using the program and is willing to share it would me - I
certainly would be appreciative.

Why knows Tim - maybe you are right. But we won't know until we get some
answers. And it would help to see the forensic evidence. But right now I'll
settle for a answer from ICANN. Not silence - I'm sure we can all agree to
that.

People - portions of the Internet were hijacked. For all I know my
connection could of been hijacked (actually my connection was not at risk -
i run my own root server right on my laptop). But any of you could of been
affected and no one would know. Thats scary. And any of you out there who
can up the pressure on ICANN to start answering questions I strongly suggest
you take the initiative and light some fires under golden boys ass.

This is a serious Internet event. We need answers to some basic questions.
We need to stop the speculation and get some answers to what went wrong
here.

regards
joe baptista


>
>
>
>
> ---------- Forwarded message ----------
> From: 崔莺莺 <yingyingcui.scholarzhang@xxxxxxxxx>
> Date: Sat, Mar 27, 2010 at 5:07 PM
> Subject: [dns-operations] Source code to identify the fake DNS packets
> from China Re: Odd behaviour on one node in I root-server (facebook,
> youtube & twitter)
> To: dns-operations@xxxxxxxxxxxxxxxxxx
>
>
> These wrong DNS replies are sent by the notorious Great Firewall of
> China. Checked by this program, the phenomenon is GFW's DNS poisoning
> without doubt.
>
> There is one version of the matching function in
>
> http://code.google.com/p/scholarzhang/source/browse/trunk/west-chamber/extensions/xt_gfw.c
> . And in the google code project mentioned, the xt_gfw.c provided a
> iptables module to match the certain packets.
>
> <code to detect GFW DNS abuse snipped>
>
>
> JB:
> So far from what I
> > have seen of the technical details the only thing we know for certain is
> > that the root was diverted to some social networking site in Korea.
> >
> > This could also be a covert inside job for the DNSSEC make work project.
>
> and pigs might sprout wings and fly away.
>
>
> --
> Cheers,
>
> McTim
> "A name indicates what we seek. An address indicates where it is. A
> route indicates how we get there."  Jon Postel
>