Home page logo
/

nanog logo nanog mailing list archives

Re: question about per. hack
From: Paul A Vixie <vixie () vix com>
Date: Mon, 21 Jul 1997 15:36:22 -0700

Paul A Vixie wrote:
i asked all the root name servers about PER.  this is what they said:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10

ok, so the same is true of nasa.com.  all the roots return NXDOMAIN
(except J.ROOT-SERVERS.NET) and yet many nameservers
(presumably not running the fixed bind) return NOERROR for it.

yes.

so slowly Im realizing that whoever is doing this must be
contacting each and every nameserver individually and
giving them bad data.  is this true?  

yes, that is what alternic is doing.  they are sending queries about their
own names to every nameserver they can learn about, and then when the victim
queries alternic's nameserver they get back bogus additional data.  older name
servers (older than 4.9.5-P1, really, but 4.9.6 and 8.1.1 are the current
versions so those are the ones you should upgrade to) ignore the bogus
additional data.

has anyone documented exactly how all this has played out in
the last week.  it seems like there is a lack of public discussion
on just how bad what the alternic is doing is...

i think this is the first time.  i'm cc'ing NANOG since several folks there
are wondering exactly why i think the FBI should get involved and why i think
eugene kashpureff should be jailed.

(i have the packet traces to prove all of the above, from multiple servers.)

what i'm terribly confused about is why MCI won't just cut them off.  what
alternic is doing is a violation of MCI's AUP, as well as of law and morality.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]