Comments

Six worst Internet routing attacks

Here's our list of the biggest security incidents involving the Internet's core routing protocol, the Border Gateway Protocol. Some of these incidents were attacks; others were accidental misconfigurations. But all of them disrupted traffic to Web sites or entire networks because of incorrect routing messages being propagated across the Internet through BGP.

Chatter

Wrong folks to slam.

Carolyn,

Having been intimately involved in the event, I can say with some authority that the second item on your list, "ICANN puts root server at risk" is simply wrong and most definitely did NOT "[disrupt] traffic to Web sites or entire networks because of incorrect routing messages being propagated across the Internet through BGP."

For historical reasons, ICANN had been using an address for the L root server that was allocated for the purposes of numbering Internet exchange points (which, at the time, I would argue was a reasonable choice). When ICANN undertook to improve the L root server infrastructure, we decided to renumber to a new address dedicated to the L root server. ICANN followed standard procedures in announcing the renumbering of the L root server, including a transition period when we continued to answer DNS queries at the old L root server address. Unbeknownst to us, however, another individual associated with the root server operators took it upon himself to enter into an agreement with a third party to serve the exact same DNS root data at the old address. Since during the transition DNS queries were still being answered at the old L root server by design, the fact that someone else was answering DNS queries with the same data was not obvious.

When ICANN turned off the name server at the old L root server address, we immediately noticed answers kept coming back to queries sent to that address. Within minutes, we had ascertained what was happening and undertook to have that unauthorized root DNS service discontinued. The fact that it took a few days for the unauthorized service to stop is a function of the lack of centralized control of the Internet and I doubt you are suggesting that this be changed. The fact that no ISP, security organization, network monitoring group, etc., noticed the fact that the old L address was being announced may also say something.

However, throughout this incident, the L root server was NOT at risk and no traffic was disrupted. If the DNS server responding on the old L root server address had responded with anything other than correct data or had responses been disrupted in any way, it would have been quickly detected and remedied. Where ICANN could have done (and now does do) better was monitoring the routing system (not just the destinations) to detect unauthorized announcements of critical Internet prefixes.

Having read your work in the past, I have felt you were a cut above many of the tech journalists I have read or been interviewed by. I am disappointed you would slam ICANN for "screwing up", particularly when the problem you write about doesn't even meet the criteria you yourself set for being among the "six worst Internet routing attacks" and the presentation you reference states there was no evidence of any disruption.

Regards,
-drc
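
Added example, not part of the comment above or of any ICANN tooling: a minimal sketch of the routing-side check the comment describes, flagging announcements of watched prefixes (or more-specifics inside them) whose origin AS is not on an allow list. The prefixes, AS numbers and update feed are constructed from documentation ranges (RFC 5737, RFC 5398), and the names `WATCHED`, `check_update` and `scan` are hypothetical.

```python
import ipaddress

# Constructed watch list: prefix -> origin ASNs allowed to announce it.
# Documentation prefixes and ASNs only; none of these come from the incident.
WATCHED = {
    ipaddress.ip_network("192.0.2.0/24"): {64496},
    ipaddress.ip_network("198.51.100.0/24"): {64497, 64498},
}

# Constructed feed of (prefix, AS path) pairs as a route collector would report.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", [64500, 64499, 64496]),   # expected origin
    ("192.0.2.0/24", [64501, 64510]),          # watched prefix, unexpected origin
    ("192.0.2.128/25", [64502, 64511]),        # more-specific, unexpected origin
    ("198.51.100.0/24", [64503, 64498]),       # second allowed origin
    ("203.0.113.0/24", [64504, 64505]),        # not watched
]


def check_update(prefix, as_path, watched=WATCHED):
    """Return an alert dict if the announcement falls inside watched address
    space and its origin AS (last hop of the path) is not allowed, else None."""
    if not as_path:
        return None
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for watched_net, allowed in watched.items():
        # subnet_of() raises TypeError across IP versions, so compare first.
        if net.version != watched_net.version or not net.subnet_of(watched_net):
            continue
        if origin in allowed:
            return None
        kind = ("origin-mismatch" if net == watched_net
                else "more-specific-origin-mismatch")
        return {"kind": kind, "prefix": str(net),
                "watched": str(watched_net), "origin": origin}
    return None


def scan(updates, watched=WATCHED):
    """Run check_update over a feed and collect the alerts in order."""
    alerts = (check_update(p, path, watched) for p, path in updates)
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_UPDATES):
        print(alert)
```

The check works on routing data alone, so it fires even when the service at the announced address returns correct answers. It does not catch an announcement that forges an allowed origin AS at the end of its path.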
