Blog Archives for May, 2008


Identity Theft Hits the Root Name Servers

"Put all your eggs in the one basket -- and watch that basket." — Mark Twain

There have been a number of attacks on the root name servers over the years, and much written on the topic. (A few references are here, here and here.) Even if you don't know exactly what these servers do, you can't help but figure they're important when the US government says it is prepared to launch a military counterattack in response to cyber-attacks on them.

This posting is about an attack on one such root name server. Actually, "attack" isn't really an appropriate term. It was not really an attack or a hijack or even identity theft. For one thing, these terms imply the existence of both a victim and a villain. In this story, the villains are not obvious and there might not have been any victims. And as we will see, you can't really steal something you own. All we can say for certain is that many of you, if not most, probably used an unauthorized root name server over the past few months and were blissfully unaware of it. These bogus servers may have acted just like a normal root server, providing the correct answers to your queries without logging your requests. But since these servers are now shut down, we can no longer investigate what they were doing. And we can only guess at the motivations of those who set them up.


Tragedies not affecting the Internet

Here at Renesys, we've almost come to expect that natural disasters will be immediately reflected in changes to Internet routing. We've certainly seen that in events such as Hurricane Katrina and the Taiwanese earthquakes. So it was with some surprise that neither the earthquakes in Sichuan province in central China nor the Myanmar cyclone registered so much as a blip on our Internet radar.

We currently geo-locate 3 networks (prefixes) to Myanmar and over 2000 to Sichuan province. Over the course of these unfortunate tragedies, we have seen only a normal level of network instability or outages. In the case of China, since the large providers into the country tend to do a good job aggregating prefixes, visibility into the behavior of smaller prefixes only comes from having in-country sources of data. But even our Chinese peers show nothing abnormal with respect to Sichuan networks. Hopefully the apparent lack of damage to the communications infrastructure in these areas will help speed relief efforts.