NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Subject:
From:
Avri Doria <[log in to unmask]>
Reply To:
Avri Doria <[log in to unmask]>
Date:
Sun, 30 Mar 2014 14:07:54 -0400
fyi


-------- Original Message --------
Subject: [perpass] FW: [IP] Details of how Turkey is intercepting Google Public DNS
Date: Sun, 30 Mar 2014 10:35:14 -0700
From: Christian Huitema <[log in to unmask]>
To: 'perpass' <[log in to unmask]>

Could be of interest for this list. An example of Internet infrastructure
vulnerability exploited by various operators. Mount an intercept attack on
the DNS protocol, and then use it for censorship or man-in-the-middle
insertion.

From: Lauren Weinstein <[log in to unmask]>
Subject: [ NNSquad ] Details of how Turkey is intercepting Google Public DNS
Date: March 30, 2014 at 12:45:00 PM EDT
To: [log in to unmask]


Details of how Turkey is intercepting Google Public DNS

http://j.mp/1lwpwcV  (Bortzmeyer)

    "If you try another well-known DNS resolver, such as OpenDNS,
     you'll get the same problem: a liar responds instead.  So,
     someone replies, masquerading as the real Google Public DNS
     resolver. Is it done by network equipment on the path, as is
     common in China where you get DNS responses even from IP
     addresses where no name server runs? It seems instead it was a
     trick with routing: the IAP announced a route to the IP addresses
     of Google, redirecting the users to an IAP's own impersonation of
     Google Public DNS, a lying DNS resolver. Many IAPs already hijack
     Google Public DNS in such a way, typically for business reasons
     (gathering data about the users, spying on them). You can see the
     routing hijack on erdems' Twitter feed, using Turkish Telecom
     looking glass: the routes are not normal BGP routes, with a list
     of AS numbers, they are injected locally, via the IGP (so, you
     won't see it in remote BGP looking glasses, unless someone in
     Turkey makes the same mistake that Pakistan Telecom did with
     YouTube in 2008). Test yourself: ... Of course, DNSSEC would
     solve the problem, if and only if validation were done on the
     user's local machine, something that most users don't do today."

- - -

--Lauren--
Lauren Weinstein ([log in to unmask]): http://www.vortex.com/lauren


