<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] Re: [atlarge-discuss] Re: Why People Should NOT Depend on "Root Servers"
Todd and all assembly members, stakeholders or other interested parties,
todd glassey wrote:
> Folks -
> Paul Vixie is dead on here but the real problem is not DNS, but rather the
> routing protocols that allow this type of address forgery to be propagated.
Well Paul may not participate on here any longer for his long ago
already stated reasons. But I don't believe he is dead! >;)
As far a the rest of your comments/observations, I could not agree
with you more Todd...
BTW, this was discussed in brief today in Waco at the Presidents
Economic Conference... I will have more for you on that to put up on
ICANNWatch if you wish later...
>
> This is the subtle difference here and the biggest criminal here is that
> even with a forged DNS service, the real issue is still Cisco and its
> brethren for forcing the propagation of routing standards that are
> insecurable and indefensible - the other bad-guy here is the IETF for not
> being more in control or forcing issues of security to be ingrained into
> their protocols that they have or are in the process of making as standards.
>
> This is one of the greatest instances proving that the ICANN and the IETF
> themselves with their current management and format, are incompetetent to
> build or enforce standards. If they had done their job properly and allowed
> external input or review of their efforts, then this never would have
> happened.
>
> Just my personal 2 cents here.
> Todd Glassey
>
> ----- Original Message -----
> From: "Jim Fleming" <JimFleming@ameritech.net>
> To: "'The IETF'" <ietf@ietf.org>; <chandley@ntia.doc.gov>;
> <nvictory@ntia.doc.gov>; <censslin@ntia.doc.gov>; <DEvans@doc.gov>
> Cc: <yjpark@myepark.com>; <vivek@vivekdurai.com>; "Vittorio Bertola"
> <vb@vitaminic.net>; "todd glassey" <todd.glassey@worldnet.att.net>; "Richard
> Henderson" <richardhenderson@ntlworld.com>; "Kristy McKee" <k@widgital.com>;
> <karl@cavebear.com>; "Joop Teernstra" <terastra@terabytz.co.nz>; "Joanna
> Lane" <jo-uk@rcn.com>; <jefsey@jefsey.com>; <james.love@cptech.org>;
> <j.oppenheimer@att.net>; <icheckemail@indiatimes.com>; <ellen@rony.com>;
> "Elisabeth Porteneuve" <Elisabeth.Porteneuve@cetp.ipsl.fr>; "Alexander
> Svensson" <alexander@svensson.de>; "Joe Baptista" <baptista@dot-god.com>
> Sent: Tuesday, August 13, 2002 7:04 AM
> Subject: Why People Should NOT Depend on "Root Servers"
>
> > http://www.merit.edu/mail.archives/nanog/msg02459.html
> > gentlemen, stop your engines
> >
> > a.. From: Paul Vixie
> > b.. Date: Mon Aug 12 12:07:20 2002
> >
> > --------------------------------------------------------------------------
> ------
> >
> > after six reports that 192.5.5.241's address has been forged as the source
> > of a tcp "fragmented scan" probe, i'm ready to have it stop. but just in
> > case it doesn't, this is fair warning to the community: F's address is in
> > unlawful use by as-yet-unidentified third parties.
> >
> > re:
> >
> > ------- Forwarded Message
> >
> > From: ...
> > To: "'abuse@VIX.COM'" <abuse@VIX.COM>
> > Subject: Unauthorized Fragmented Scan
> > Date: Mon, 12 Aug 2002 06:56:08 -0700
> >
> > To whom it may concern,
> >
> > The Security Information & Analysis Center has detected an
> > unauthorized scan against one of our networks that has a possible origin
> at
> > 192.5.5.241.
> >
> > Please review the following initial information:
> >
> > IPHalfScan 08-11-2002 17:34:02 UTC 192.5.5.241:53
> > xxx.xxx.xxx.xxx:53 TCP
> > IPHalfScan 08-11-2002 17:28:00 UTC 192.5.5.241:53
> > xxx.xxx.xxx.xxx:53 TCP
> >
> > Please take action to verify this address on your network
> > and it's intent to scan our networks. Thank you for your assistance.
> >
> > SECURITY INFORMATION AND ANALYSIS CENTER
> > 1-877-...
> >
> > ------- End of Forwarded Message
> >
> >
> > Modern DNS software finds the TLD Clusters, tracks them, and
> > does not use ANY "root servers" (legacy or alt). People who rely
> > on a dozen 32-bit IPv4 addresses to be coherently routed are fools,
> > in my opinion. Any organization that promotes that type of structure
> > and architecture as "secure" is perpetrating a fraud on unsuspecting
> > users, who assume the system is stable and secure. Root servers are
> > out of date, do not always track the TLD Cluster(s), do not support
> > fail-over to back-up TLD Clusters, in cases of a major corporate
> > failure. People continue to use them at their peril, yet clearly profit
> > from telling people to use them.
> >
> > Jim Fleming
> > 2002:[IPv4]:000X:03DB:...IPv8 is closer than you think...
> > http://www.iana.org/assignments/ipv4-address-space
> > http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt
> >
> >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|