Why People Should NOT Depend on "Root Servers"

http://www.merit.edu/mail.archives/nanog/msg02459.html
gentlemen, stop your engines

From: Paul Vixie
Date: Mon Aug 12 12:07:20 2002

--------------------------------------------------------------------------------

after six reports that 192.5.5.241's address has been forged as the source
of a tcp "fragmented scan" probe, i'm ready to have it stop.  but just in
case it doesn't, this is fair warning to the community: F's address is in
unlawful use by as-yet-unidentified third parties.

re:

------- Forwarded Message

From: ...
To: "'abuse@VIX.COM'" <abuse@VIX.COM>
Subject: Unauthorized Fragmented Scan
Date: Mon, 12 Aug 2002 06:56:08 -0700

		To whom it may concern,

		The Security Information & Analysis Center has detected an
unauthorized scan against one of our networks that has a possible origin at
192.5.5.241.

		Please review the following initial information:

		IPHalfScan  08-11-2002	 17:34:02 UTC 	192.5.5.241:53	xxx.xxx.xxx.xxx:53	TCP
		IPHalfScan  08-11-2002	 17:28:00 UTC 	192.5.5.241:53	xxx.xxx.xxx.xxx:53	TCP

		Please take action to verify this address on your network
and its intent to scan our networks.  Thank you for your assistance.

		SECURITY INFORMATION AND ANALYSIS CENTER
		1-877-...

------- End of Forwarded Message


Modern DNS software finds the TLD Clusters, tracks them, and
does not use ANY "root servers" (legacy or alt). People who rely
on a dozen 32-bit IPv4 addresses to be coherently routed are fools,
in my opinion. Any organization that promotes that type of structure
and architecture as "secure" is perpetrating a fraud on unsuspecting
users, who assume the system is stable and secure. Root servers are
out of date, do not always track the TLD Cluster(s), do not support
fail-over to back-up TLD Clusters, in cases of a major corporate
failure. People continue to use them at their peril, yet clearly profit
from telling people to use them.

Jim Fleming
2002:[IPv4]:000X:03DB:...IPv8 is closer than you think...
http://www.iana.org/assignments/ipv4-address-space
http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt



