Todd and all assembly members, stakeholders or other interested parties,

todd glassey wrote:

> Folks -
> Paul Vixie is dead on here but the real problem is not DNS, but rather the
> routing protocols that allow this type of address forgery to be propagated.

Well Paul may not participate on here any longer for his long ago already stated reasons. But I don't believe he is dead! >;)

As far as the rest of your comments/observations, I could not agree with you more Todd... BTW, this was discussed in brief today in Waco at the Presidents Economic Conference... I will have more for you on that to put up on ICANNWatch if you wish later...

>
> This is the subtle difference here and the biggest criminal here is that
> even with a forged DNS service, the real issue is still Cisco and its
> brethren for forcing the propagation of routing standards that are
> insecurable and indefensible - the other bad-guy here is the IETF for not
> being more in control or forcing issues of security to be ingrained into
> their protocols that they have or are in the process of making as standards.
>
> This is one of the greatest instances proving that the ICANN and the IETF
> themselves with their current management and format, are incompetent to
> build or enforce standards. If they had done their job properly and allowed
> external input or review of their efforts, then this never would have
> happened.
>
> Just my personal 2 cents here.
> Todd Glassey
>
> ----- Original Message -----
> From: "Jim Fleming" <JimFleming@ameritech.net>
> To: "'The IETF'" <ietf@ietf.org>; <chandley@ntia.doc.gov>;
>   <nvictory@ntia.doc.gov>; <censslin@ntia.doc.gov>; <DEvans@doc.gov>
> Cc: <yjpark@myepark.com>; <vivek@vivekdurai.com>;
>   "Vittorio Bertola" <vb@vitaminic.net>;
>   "todd glassey" <todd.glassey@worldnet.att.net>;
>   "Richard Henderson" <richardhenderson@ntlworld.com>;
>   "Kristy McKee" <k@widgital.com>; <karl@cavebear.com>;
>   "Joop Teernstra" <terastra@terabytz.co.nz>;
>   "Joanna Lane" <jo-uk@rcn.com>; <jefsey@jefsey.com>;
>   <james.love@cptech.org>; <j.oppenheimer@att.net>;
>   <icheckemail@indiatimes.com>; <ellen@rony.com>;
>   "Elisabeth Porteneuve" <Elisabeth.Porteneuve@cetp.ipsl.fr>;
>   "Alexander Svensson" <alexander@svensson.de>;
>   "Joe Baptista" <baptista@dot-god.com>
> Sent: Tuesday, August 13, 2002 7:04 AM
> Subject: Why People Should NOT Depend on "Root Servers"
>
> > http://www.merit.edu/mail.archives/nanog/msg02459.html
> > gentlemen, stop your engines
> >
> > a.. From: Paul Vixie
> > b.. Date: Mon Aug 12 12:07:20 2002
> >
> > --------------------------------------------------------------------------------
> >
> > after six reports that 192.5.5.241's address has been forged as the source
> > of a tcp "fragmented scan" probe, i'm ready to have it stop. but just in
> > case it doesn't, this is fair warning to the community: F's address is in
> > unlawful use by as-yet-unidentified third parties.
> >
> > re:
> >
> > ------- Forwarded Message
> >
> > From: ...
> > To: "'abuse@VIX.COM'" <abuse@VIX.COM>
> > Subject: Unauthorized Fragmented Scan
> > Date: Mon, 12 Aug 2002 06:56:08 -0700
> >
> > To whom it may concern,
> >
> > The Security Information & Analysis Center has detected an
> > unauthorized scan against one of our networks that has a possible origin at
> > 192.5.5.241.
> >
> > Please review the following initial information:
> >
> > IPHalfScan 08-11-2002 17:34:02 UTC 192.5.5.241:53 xxx.xxx.xxx.xxx:53 TCP
> > IPHalfScan 08-11-2002 17:28:00 UTC 192.5.5.241:53 xxx.xxx.xxx.xxx:53 TCP
> >
> > Please take action to verify this address on your network
> > and its intent to scan our networks. Thank you for your assistance.
> >
> > SECURITY INFORMATION AND ANALYSIS CENTER
> > 1-877-...
> >
> > ------- End of Forwarded Message
> >
> >
> > Modern DNS software finds the TLD Clusters, tracks them, and
> > does not use ANY "root servers" (legacy or alt). People who rely
> > on a dozen 32-bit IPv4 addresses to be coherently routed are fools,
> > in my opinion. Any organization that promotes that type of structure
> > and architecture as "secure" is perpetrating a fraud on unsuspecting
> > users, who assume the system is stable and secure. Root servers are
> > out of date, do not always track the TLD Cluster(s), do not support
> > fail-over to back-up TLD Clusters, in cases of a major corporate
> > failure. People continue to use them at their peril, yet clearly profit
> > from telling people to use them.
> >
> > Jim Fleming
> > 2002:[IPv4]:000X:03DB:...IPv8 is closer than you think...
> > http://www.iana.org/assignments/ipv4-address-space
> > http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208