The i-root china reroute finally makes fox news. And congress.

http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/

What's the big deal ? Just look at what the sticker under whatever
you are using to type says ... Made in ?

We live in a hijacked world.

Cheers
BTW avoid foxnews, not much operational content there.

I know it, you know it .. and the problem is that operational content
turning up there has a nasty way of getting political

As it is, fox news is reporting something which was presented to congress

So, lessigisms like "code is law" aside, I guess yes, it IS political now.

Really? Seems to me like Glenn Beck is always drawing a series of tubes
on his chalkboard? They all lead to Godwin's law though. Very strange...

I have read the article and the list, and I'm puzzled. It's pretty clear that the root gets its records from a common source, and that the copies of them being delivered by a given root server were different. As a result, traffic intended to go place A went to place B if the TLD lookup happened to go to the particular root server in question. How did an instance of the root server find itself serving changed records? While there is no obvious indication of who made the change or for what reason, it's unlikely it was accidental.

Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There was a technical event that resulted in misrouting of traffic, and while international concerns regarding it had political overtones, the technical event is not a political one. If it was your traffic that had been misrouted, you might have issued expressions of concern. So why respond to it with a political response?

Sounds to me like one of the arguments for DNSSEC deployment...

Man in the middle rewriting of DNS query responses is the only thing I
can think of.

> I have read the article and the list, and I'm puzzled. It's pretty clear that the root gets its records from a common source, and that the copies of them being delivered by a given root server were different.

Hard to decipher what the Fox report is actually talking about, but I suspect it relates to http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml

> Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There was a technical event that resulted in misrouting of traffic, and while international concerns regarding it had political overtones, the technical event is not a political one. If it was your traffic that had been misrouted, you might have issued expressions of concern. So why respond to it with a political response?

As for political vs. technical, it feels (particularly given the Fox report is sourced from a paper on US-China relations) like yet more cyber war drum beating, but that might just be me.

> Sounds to me like one of the arguments for DNSSEC deployment...

DNSSEC would let you know something odd happened (if you're doing a DNS lookup, have validation turned on, and can tell the difference between SERVFAIL generated stub resolver timeout and a random Internet brokenness), although it doesn't really give you any tools to fix it. What really needs to be fixed is "routing by rumor".

Regards,
-drc

Greetings,

> >> http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
>
> Hard to decipher what the Fox report is actually talking about,
> but I suspect it relates to
> http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml

I would echo the thoughts earlier in this thread that the Fox story
is making rather non-technical or technically vague statements.

As I read the text [*], my suspicion is that this report has very
little to do with the I-root's global Beijing instance (exposure to
risk here would require DNS tampering, visibility outside China
and, to boot, is probabilistic, rather than wholesale). The article
makes references to the terms hijacking, redirection, a 'state-owned
Chinese telecommunications firm' and 'security vulnerabilities
pertaining to Internet routing processes'.

It seems much more likely that this article is a digested summary of
the routing leak (re-origination) of tens of thousands of prefixes
by AS 27374, discussed on this list and detailed by BGPMon:

  http://mailman.nanog.org/pipermail/nanog/2010-April/020789.html
  http://bgpmon.net/blog/?p=282

Danny McPherson also posted a nice summary here, as well, and
identifies the problem we know and love so well (BGP) and even refers
to 'routing by rumour', as you did David.

  http://mailman.nanog.org/pipermail/nanog/2010-April/020864.html

The Fox story twice refers to 2010-04-18, but the date was
2010-04-08.

-Martin

a message of 17 lines which said:

> Man in the middle rewriting of DNS query responses is the only thing I
> can think of.

And it's easy to detect since the rewriter tells the truth about its
own name. From China, query "dig @I.root-servers.net CH TXT
hostname.bind" and, instead of the normal name of a Netnod instance,
you will get a Chinese name (such as c1-zaojunmiao-ns1)...
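
The check described in the message above, as an added example that is not part of the original post: it builds the wire-format equivalent of the `dig ... CH TXT hostname.bind` query, parses the identity string out of a reply, and flags names outside the operator's naming scheme. The reply bytes are constructed inline, and the `.expected.example` suffix is a hypothetical placeholder for whatever naming scheme the real operator publishes.

```python
import struct

TYPE_TXT, CLASS_CH = 16, 3  # TXT record, CHAOS class

def build_query(qid, name="hostname.bind"):
    """Wire-format query equivalent to: dig @server CH TXT hostname.bind"""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # flags 0: no recursion
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def parse_identity(msg, qid):
    """Return the CH TXT strings in a response, i.e. the names the server reports."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful response to our query")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    names = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if (rtype, rclass) == (TYPE_TXT, CLASS_CH):
            i, parts = 0, []
            while i < len(rdata):  # TXT RDATA is a run of length-prefixed strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            names.append(b"".join(parts).decode("ascii", "replace"))
    return names

def unexpected(names, expected_suffix):
    """Names that do not match the operator's naming scheme (caller-supplied)."""
    return [n for n in names if not n.endswith(expected_suffix)]

def sample_response(qid, text):
    """Constructed reply standing in for the network answer."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0) + build_query(qid)[12:] + rr
```

For a live check, send `build_query()` over UDP port 53 to the server being monitored and pass the datagram that comes back to `parse_identity()`.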

I can detect from the report that this has anything to do with i.root? Can you explain that?

Looking at the dates referred to it seems more to be related to the routing leaks on April 8th. Or do you have additional information?

Best regards,

- kurtis -

Before the rumor mill gets going based on the Renesys work again, the article doesn't mention DNS, it mentions re-routing of traffic. I would like to repeat what we have said in the past.

As best as we can tell - no i.root-servers.net instance operated by us has answered incorrectly - ever. We serve the data exactly as we receive it from IANA.

When I read the article I assumed it referred to the routing leaks of April 8th that was also discussed on Nanog. But I haven't read the report, nor has anyone contacted us regarding it. Renesys has though, a few weeks ago contacted us to get some data from us on what happened in March.

Best regards,

- kurtis -

> I can detect from the report that this has anything to do with i.root? Can you explain that?

Apparently typing fast is not a good idea :( I meant to say "I cannot deduct"...

> Looking at the dates referred to it seems more to be related to the routing leaks on April 8th. Or do you have additional information?

Best regards,

- kurtis -

...and the washington post article at http://www.washingtontimes.com/news/2010/nov/15/internet-traffic-was-routed-via-chinese-servers/ seems to refer to April 8th, which matches the route-leak.

did you have any other source?

Best regards,

- kurtis -

I had the timeframe wrong then and it was the April 8 routing leaks.
Sorry for the false alarm.

two observations:
  
  ) this sounds/looks like a modern kremvax story
  ) what a slow news day

--bill

I believe the entire mumbo-jumbo badly researched and digested news
piece comes from page 241 of the following report:

http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf

Cheers
Jorge

Forgot to include that the "18 minute" reference is on page 244.

-J

http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml

This little border skirmish is a good reminder that we build and
operate one of the key battlegrounds on which all current and future
wars are, and will be, fought.

David

Too much SciFi, nothing better and more effective than a fully loaded
ol'gun, the bigger the better, also if it can fly remotely operated.

-J