North American Network Operators Group
Re: question about per. hack
> Paul A Vixie wrote:
> > i asked all the root name servers about PER. this is what they said:
> >
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
>
> ok, so the same is true of nasa.com. all the roots return NXDOMAIN
> (except J.ROOT-SERVERS.NET) and yet many nameservers
> (presumably not running the fixed bind) return NOERROR for it.

yes.

> so slowly I'm realizing that whoever is doing this must be
> contacting each and every nameserver individually and
> giving them bad data. is this true?

yes, that is what alternic is doing. they are sending queries about their
own names to every nameserver they can learn about, and then when the
victim queries alternic's nameserver they get back bogus additional data.
older name servers (older than 4.9.5-P1, really, but 4.9.6 and 8.1.1 are
the current versions so those are the ones you should upgrade to) ignore
the bogus additional data.

> has anyone documented exactly how all this has played out in
> the last week. it seems like there is a lack of public discussion
> on just how bad what the alternic is doing is...

i think this is the first time. i'm cc'ing NANOG since several folks there
are wondering exactly why i think the FBI should get involved and why i
think eugene kashpureff should be jailed. (i have the packet traces to
prove all of the above, from multiple servers.)

what i'm terribly confused about is why MCI won't just cut them off. what
alternic is doing is a violation of MCI's AUP, as well as of law and
morality.
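
Added example, not part of the message above and not BIND's code: one common way for a resolver to decide which additional data to ignore is a bailiwick check, caching an additional record only when its owner name lies inside the zone that was queried and an NS or MX record in the same response points at it. The `RR` type, the function names, the `.test`/`.example` names and the addresses are constructed for illustration.

```python
# Added illustration (not BIND's code): drop additional-section records that
# fall outside the zone the responding server was queried for.
from typing import NamedTuple

class RR(NamedTuple):
    name: str    # owner name
    rtype: str   # record type, e.g. "A", "NS"
    rdata: str   # record data as text

def norm(name: str) -> str:
    """Lower-case and strip the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a label-aligned descendant of it."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def filter_additional(zone, answer, authority, additional):
    """Split additional records into (accepted, rejected).

    A record is accepted only if its owner name is inside `zone` AND some
    NS/MX record in the answer or authority section actually points at it.
    """
    # Last token of rdata is the target host ("10 mail.x" for MX, "ns1.x" for NS).
    wanted = {norm(rr.rdata.split()[-1]) for rr in answer + authority
              if rr.rtype in ("NS", "MX")}
    accepted, rejected = [], []
    for rr in additional:
        ok = in_bailiwick(rr.name, zone) and norm(rr.name) in wanted
        (accepted if ok else rejected).append(rr)
    return accepted, rejected

# Constructed response from a server queried about the zone "alt-zone.test".
ZONE = "alt-zone.test."
ANSWER = [RR("www.alt-zone.test.", "A", "192.0.2.10")]
AUTHORITY = [RR("alt-zone.test.", "NS", "ns1.alt-zone.test.")]
ADDITIONAL = [
    RR("ns1.alt-zone.test.", "A", "192.0.2.53"),       # legitimate glue
    RR("www.victim.example.", "A", "203.0.113.66"),    # unrelated name: bogus
    RR("ns1.notalt-zone.test.", "A", "203.0.113.67"),  # suffix look-alike
]

if __name__ == "__main__":
    kept, dropped = filter_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL)
    for rr in kept:
        print("cache  ", rr)
    for rr in dropped:
        print("discard", rr)
```

A resolver that caches every additional record without a check of this kind would later answer for `www.victim.example.` from the injected record instead of asking that name's real servers.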