Paul A Vixie wrote:
> i asked all the root name servers about PER. this is what they said:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
ok, so the same is true of nasa.com. all the roots return NXDOMAIN
(except J.ROOT-SERVERS.NET) and yet many nameservers
(presumably not running the fixed bind) return NOERROR for it.
yes.
so slowly I'm realizing that whoever is doing this must be
contacting each and every nameserver individually and
giving them bad data. is this true?
yes, that is what alternic is doing. they are sending queries about their
own names to every nameserver they can learn about, and then when the victim
queries alternic's nameserver they get back bogus additional data. older name
servers (older than 4.9.5-P1, really, but 4.9.6 and 8.1.1 are the current
versions so those are the ones you should upgrade to) ignore the bogus
additional data.
has anyone documented exactly how all this has played out in
the last week. it seems like there is a lack of public discussion
on just how bad what the alternic is doing is...
i think this is the first time. i'm cc'ing NANOG since several folks there
are wondering exactly why i think the FBI should get involved and why i think
eugene kashpureff should be jailed.
(i have the packet traces to prove all of the above, from multiple servers.)
what i'm terribly confused about is why MCI won't just cut them off. what
alternic is doing is a violation of MCI's AUP, as well as of law and morality.
Mr. Kashpureff has been kind enough to document his work at:
http://www.alternic.net/press/
Regards,
Randy Benn
> i think this is the first time. i'm cc'ing NANOG since several folks there
> are wondering exactly why i think the FBI should get involved and why i think
> eugene kashpureff should be jailed.
unfortunately i think
it's the FBI we need to convince
and i'm not sure they read nanog
> (i have the packet traces to prove all of the above, from multiple servers.)
you may be the one the FBI needs
to hear from then
> what i'm terribly confused about is why MCI won't just cut them off. what
> alternic is doing is a violation of MCI's AUP, as well as of law and morality.
mmm,. . pretty words (really)
but as we all know by now,
the current state of Internet stats collection
and our elegantly ambiguous role as
not-really-common-carrier-but-don't-
regulate-or-tariff us-either-please-
just-leave-us-alone-we'll-be-fine
renders it fairly non-trivial for MCI
(or any other backbone provider, in fact MCI's
probably closer than elseNSP)
to provide the FBI with _proof_ that Eugene was
using mci as his testosterone transport mechanism,
so even their oodles of well-dressed lawyers
can't prove he's violating AUP
and it's not like mci can demand to know
what box he's playing from, what his routing
policy was at the time, etc. if you'd like
to get a deposition from him, i'm sure mci
would gladly forward it to the feds.
or if your tcpdump packets incriminate him
adequately, that would likely help them too.
MCI can't do much unless law enforcement asks them to,
which would require not only law enforcement w/clue
but also your log data proving the attacks used their pipes
(if you're comfortable they're not violating
any not-really-existent-but-if-they-did-exist-
they'd-be-unenforceably-ambiguous-anyway privacy laws)
the internet just isn't there yet
(there = with enforceable and sensical laws;
i think we'll have to punt on morality)
and we're apparently in much more of a rush to
implement faster push technology and verifiable
hit counts (for ad pricing schedules yum yum)
than integrity. sigh++;
fwiw
mci is not happy about it either
and is not Doing Nothing
but if you have something that would help -
k
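
The poisoning described in Paul Vixie's message earlier in this thread depends on a resolver caching additional-section records it never asked for. As an added illustration (not code from the thread or from BIND), the following is a simplified bailiwick check a resolver could apply before caching additional data; the zone, names and addresses are constructed samples.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str    # owner name
    rtype: str   # record type, e.g. "A" or "NS"
    rdata: str   # record data as text

def norm(name: str) -> str:
    """Lower-case and strip the trailing dot so names compare reliably."""
    return name.rstrip(".").lower()

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a label-aligned subdomain of it."""
    n, z = norm(name), norm(zone)
    return z == "" or n == z or n.endswith("." + z)

def filter_additional(zone, answer, authority, additional):
    """Split additional records into (cacheable, rejected).

    A record is cacheable only if its owner lies inside the zone the
    responding server was queried for AND an NS record in the same
    response points at that owner (that is, it is glue).
    """
    ns_targets = {norm(rr.rdata) for rr in answer + authority
                  if rr.rtype == "NS"}
    keep, drop = [], []
    for rr in additional:
        ok = in_bailiwick(rr.name, zone) and norm(rr.name) in ns_targets
        (keep if ok else drop).append(rr)
    return keep, drop

# Constructed response from a server authoritative for example.net.
ZONE = "example.net."
ANSWER = [RR("host.example.net.", "A", "192.0.2.10")]
AUTHORITY = [RR("example.net.", "NS", "ns1.example.net.")]
ADDITIONAL = [
    RR("ns1.example.net.", "A", "192.0.2.53"),        # legitimate glue
    RR("www.example.org.", "A", "198.51.100.66"),     # unrelated name
    RR("www.notexample.net.", "A", "198.51.100.67"),  # suffix look-alike
]

if __name__ == "__main__":
    keep, drop = filter_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL)
    for rr in keep:
        print("cache :", rr)
    for rr in drop:
        print("reject:", rr)
```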