question about per. hack

Paul A Vixie vixie at vix.com
Mon Jul 21 22:36:22 UTC 1997


> Paul A Vixie wrote:
> > i asked all the root name servers about PER.  this is what they said:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
> 
> ok, so the same is true of nasa.com.  all the roots return NXDOMAIN
> (except J.ROOT-SERVERS.NET) and yet many nameservers
> (presumably not running the fixed bind) return NOERROR for it.

yes.

> so slowly I'm realizing that whoever is doing this must be
> contacting each and every nameserver individually and
> giving them bad data.  is this true?  

yes, that is what alternic is doing.  they are sending queries about their
own names to every nameserver they can learn about, and then when the victim
queries alternic's nameserver they get back bogus additional data.  older name
servers (older than 4.9.5-P1, really, but 4.9.6 and 8.1.1 are the current
versions so those are the ones you should upgrade to) ignore the bogus
additional data.

> has anyone documented exactly how all this has played out in
> the last week.  it seems like there is a lack of public discussion
> on just how bad what the alternic is doing is...

i think this is the first time.  i'm cc'ing NANOG since several folks there
are wondering exactly why i think the FBI should get involved and why i think
eugene kashpureff should be jailed.

(i have the packet traces to prove all of the above, from multiple servers.)

what i'm terribly confused about is why MCI won't just cut them off.  what
alternic is doing is a violation of MCI's AUP, as well as of law and morality.
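
The message above describes a resolver accepting unrelated records from the additional section of a reply. The following is an added example, not part of the original message and not BIND's code: a sketch of a resolver-side check that keeps an additional record only when it lies inside the queried zone and is pointed at by a record in the answer or authority section. The record layout, function names, zone names and addresses are all constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str    # owner name
    rtype: str   # record type, e.g. "A", "NS"
    rdata: str   # for NS/MX/CNAME: target host name only (simplified)

def norm(name: str) -> str:
    """Lower-case and drop the trailing dot so names compare reliably."""
    return name.rstrip(".").lower()

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone apex or a descendant of it, label-wise."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def filter_additional(zone, answer, authority, additional):
    """Split additional records into (kept, dropped).

    A record is kept only if it is an address record, its owner name is
    inside the zone the server was asked about, and some NS/MX/CNAME
    record in the answer or authority section actually points at it.
    """
    referenced = {norm(rr.rdata) for rr in answer + authority
                  if rr.rtype in ("NS", "MX", "CNAME")}
    kept, dropped = [], []
    for rr in additional:
        ok = (rr.rtype in ("A", "AAAA")
              and in_bailiwick(rr.name, zone)
              and norm(rr.name) in referenced)
        (kept if ok else dropped).append(rr)
    return kept, dropped

# Constructed reply from a server that was queried about example.net.
ZONE = "example.net."
ANSWER = []
AUTHORITY = [RR("example.net.", "NS", "ns1.example.net.")]
ADDITIONAL = [
    RR("ns1.example.net.", "A", "192.0.2.53"),    # glue for the NS above
    RR("www.example.com.", "A", "203.0.113.66"),  # unrelated zone
    RR("mail.example.net.", "A", "192.0.2.99"),   # in zone, not referenced
]

if __name__ == "__main__":
    kept, dropped = filter_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL)
    for rr in kept:
        print("cache :", rr)
    for rr in dropped:
        print("ignore:", rr)
```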


