ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] censorship among root servers

  • To: Joe Baptista <baptista@xxxxxxxxxxxxxx>, Andrew McMeikan <andrewm@xxxxxxxxxxxx>, fbi.dallas@xxxxxxxxxx, robert.smith1@xxxxxxxxxxxxx, SenateWebmail@xxxxxxxxxxxxxxxxx, senator@xxxxxxxxxxxxxxxxxxxx, info@xxxxxxx
  • Subject: Re: [ga] censorship among root servers
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Sat, 27 Mar 2010 14:52:06 -0500 (GMT-05:00)

<BODY id=compText>
<P>Dr. Joe and all,</P>
<P>&nbsp;</P>
<P>&nbsp; Perhaps it would be better or in the best interest of all concerned 
or potentially affected in Canada if you reported this to the RCMP and/or Interpol 
accordingly. I am CC'ing our relevant LEAs in this response.&nbsp; Hopefully they have 
the intelligence to spot the potential problem and subsequent risk accordingly.&nbsp; But I 
am not holding my breath in the anticipation of same.<BR><BR><BR></P>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 0px; BORDER-LEFT: #0000ff 
2px solid">-----Original Message----- <BR>From: Joe Baptista 
&lt;BAPTISTA@xxxxxxxxxxxxxx&gt;<BR>Sent: Mar 26, 2010 11:18 AM <BR>To: Andrew 
McMeikan &lt;ANDREWM@xxxxxxxxxxxx&gt;<BR>Cc: "ga@xxxxxxxxxxxxxx" &lt;GA@xxxxxxxxxxxxxx&gt;, 
Rod Beckstrom &lt;ROD.BECKSTROM@xxxxxxxxx&gt;, Rod Beckstrom 
&lt;ROD_BECKSTROM@xxxxxxxxx&gt;<BR>Subject: Re: [ga] censorship among root servers 
<BR><BR>I was wondering how long this would take to make the rounds. This is a 
serious issue. See RFC 2826 <A href="http://bit.ly/drkKN8" 
target=_blank>http://bit.ly/drkKN8</A><BR><BR>
<DIV class=gmail_quote>On Fri, Mar 26, 2010 at 9:47 AM, Andrew McMeikan <SPAN 
dir=ltr>&lt;<A href="mailto:andrewm@xxxxxxxxxxxx" 
target=_blank>andrewm@xxxxxxxxxxxx</A>&gt;</SPAN> wrote:<BR>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 
0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"><BR>I was reading<BR><A 
href="https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005267.html" 
target=_blank>https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005267.html</A><BR></BLOCKQUOTE>
<DIV><BR>I first saw it here: <BR>&nbsp;<BR></DIV>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 
0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"><BR>which suggests that some of 
China's censorship is leaking but would<BR>seem mostly confined (i.e. not 
leaking to Japan)<BR></BLOCKQUOTE>
<DIV><BR>First of all this is a very grave and serious issue having incredible 
security repercussions worldwide. If in fact a root server was responding that 
facebook could be found at IP address 46.82.174.68 then we have a 
problem. A root server the world depends on has been hijacked.<BR><BR>Rod 
Beckstrom should investigate and report back immediately on what happened. I 
remind this group that it only takes one root server to take over the entire 
net. I've proven that technical point on two occasions. Rod should address the 
following questions:<BR><BR>1. What happened?<BR><BR>2. Did ICANN know i.root 
server was censoring <A href="http://facebook.com" 
target=_blank>facebook.com</A> in China? <BR><BR>3. Did ICANN approve 
this?<BR><BR>Folks - please remember the servers may have been hijacked. ICANN 
and China may not have been involved. It's easy to hijack IP numbers. I know 
some people over in Amsterdam who hijack IP. It's happened to me.<BR><BR>The 
problem here irrespective of censorship or hijacker issues is if more sites 
were tampered with. Was the condition above only restricted to <A 
href="http://facebook.com" target=_blank>facebook.com</A> or is it possible 
other web sites have been compromised? Banks, Governments, finance companies, 
credit cards etc. etc. etc. We probably won't ever know. People would just 
notice a slower response time on the web because of the proxy in between. This 
proxy site at 46.82.174.68 and 59.24.3.173 would collect the 
users' personal information for whatever domain was being 
intercepted.<BR><BR>Whoever the root hijacker is they are behind the proxy 
sites that were running at IPv4 addresses 46.82.174.68 and 
59.24.3.173. 46.82.174.68 looks like an unallocated block 
at RIPE and 59.24.3.173 allocated to KT Corporation in Korea. The 
company's website looks like a social networking site. So either they were 
somehow involved as network providers to the China ICANN censorship conspiracy 
or their routing was hacked.<BR><BR>So if this was not an ICANN 
China conspiracy to test the DNS - then I would be very worried right now 
because millions of facebook user accounts could be compromised.<BR><BR>And I 
hate to rub everyone's nose in it - but if this in fact did happen and facebook 
users were redirected - then it proves my point. To be secure one should 
operate their own root servers. <BR><BR>&nbsp;</DIV>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 
0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"><BR>Is this the start to the 
end of DNS? &nbsp;Implementing censorship occurs<BR>&nbsp;more aggressively as 
western countries embrace what was previously<BR>frowned on as totalitarian 
giving countries that already embrace<BR>censorship a justifiable position in 
more extreme censorship.<BR><BR>If root nodes are compromised to the point that 
they redirect<BR>queries to false sites then any trust in DNS is lost.<BR><BR>I 
call on everyone here to support a declaration that:<BR>"No censorship can be 
tolerated within the root servers."<BR>and that this supported declaration be 
forwarded to the ICANN board<BR>that they may press China to choose another way 
to achieve their<BR>internal policies than polluting a global shared 
resource.<BR><BR>I trust that this is such a minimalist statement that it can 
receive<BR>unanimous support within the general assembly. &nbsp;My personal 
views on<BR>censorship would like to make a much broader statement but 
without<BR>this minimal simplistic position for root server trust, I feel 
that<BR>there can be no functioning name system.<BR><BR></BLOCKQUOTE>
<DIV><BR>Yes - you are absolutely right in all of your concerns and Rod 
Beckstrom has to give us some hard answers.<BR><BR>This may very well be the 
final nail in ICANN's coffin.&nbsp; This is also a serious wake up call to 
governments worldwide. If governments want to guarantee their people and 
infrastructure are secure then they have to kiss the thirteen ugly root sisters 
goodbye and run their own root infrastructure or run the risk that some other 
government or hacker kid can cause havoc to your 
networks.<BR></DIV></DIV><BR>P.S. There is a less technical description of what 
happened at <A href="http://bit.ly/bZbkB1" 
target=_blank>http://bit.ly/bZbkB1</A><BR><BR>regards<BR>joe baptista
<P>Regards,<BR><BR>Jeffrey A. Williams<BR>Spokesman for INEGroup LLA. - (Over 
294k members/stakeholders and growing, strong!)<BR>"Obedience of the law is the 
greatest freedom" -<BR>&nbsp;&nbsp; Abraham Lincoln<BR><BR>"Credit should go 
with the performance of duty and not with what is very<BR>often the accident of 
glory" - Theodore Roosevelt<BR><BR>"If the probability be called P; the injury, 
L; and the burden, B; liability<BR>depends upon whether B is less than L 
multiplied by<BR>P: i.e., whether B is less than PL."<BR>United States v. 
Carroll Towing&nbsp; (159 F.2d 169 [2d Cir. 
1947]<BR>===============================================================<BR>Updated
 1/26/04<BR>CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. 
div. of<BR>Information Network Eng.&nbsp; INEG. INC.<BR>ABA member in good 
standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx<BR>Phone: 
214-244-4827<BR></P></ZZZBODY><BR></BLOCKQUOTE></BODY>


