
Why People Should NOT Depend on "Root Servers"

2002-08-13 07:10:10
http://www.merit.edu/mail.archives/nanog/msg02459.html
gentlemen, stop your engines

  From: Paul Vixie
  Date: Mon Aug 12 12:07:20 2002

--------------------------------------------------------------------------------

after six reports that 192.5.5.241's address has been forged as the source
of a tcp "fragmented scan" probe, i'm ready to have it stop.  but just in
case it doesn't, this is fair warning to the community: F's address is in
unlawful use by as-yet-unidentified third parties.

re:

------- Forwarded Message

From: ...
To: "'abuse(_at_)VIX(_dot_)COM'" <abuse(_at_)VIX(_dot_)COM>
Subject: Unauthorized Fragmented Scan
Date: Mon, 12 Aug 2002 06:56:08 -0700

                To whom it may concern,

                The Security Information & Analysis Center has detected an
unauthorized scan against one of our networks that has a possible origin at
192.5.5.241.

                Please review the following initial information:

                IPHalfScan  08-11-2002   17:34:02 UTC   192.5.5.241:53   xxx.xxx.xxx.xxx:53      TCP
                IPHalfScan  08-11-2002   17:28:00 UTC   192.5.5.241:53   xxx.xxx.xxx.xxx:53      TCP

                Please take action to verify this address on your network
and its intent to scan our networks.  Thank you for your assistance.

                SECURITY INFORMATION AND ANALYSIS CENTER
                1-877-...

------- End of Forwarded Message


Modern DNS software finds the TLD Clusters, tracks them, and
does not use ANY "root servers" (legacy or alt). People who rely
on a dozen 32-bit IPv4 addresses to be coherently routed are fools,
in my opinion. Any organization that promotes that type of structure
and architecture as "secure" is perpetrating a fraud on unsuspecting
users, who assume the system is stable and secure. Root servers are
out of date, do not always track the TLD Cluster(s), and do not support
fail-over to back-up TLD Clusters in cases of a major corporate
failure. People continue to use them at their peril, yet clearly profit
from telling people to use them.

Jim Fleming
2002:[IPv4]:000X:03DB:...IPv8 is closer than you think...
http://www.iana.org/assignments/ipv4-address-space
http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt