fyi -------- Original Message -------- Subject: [perpass] FW: [IP] Details of how Turkey is intercepting Google Public DNS Date: Sun, 30 Mar 2014 10:35:14 -0700 From: Christian Huitema <[log in to unmask]> To: 'perpass' <[log in to unmask]> Could be of interest for this list. An example of Internet infrastructure vulnerability exploited by various operators. Mount an intercept attack on the DNS protocol, and then use it for censorship or man-in-the-middle insertion. From: Lauren Weinstein <[log in to unmask]> Subject: [ NNSquad ] Details of how Turkey is intercepting Google Public DNS Date: March 30, 2014 at 12:45:00 PM EDT To: [log in to unmask] Details of how Turkey is intercepting Google Public DNS http://j.mp/1lwpwcV (Bortzmeyer) "If you try another well-known DNS resolver, such as OpenDNS, you'll get the same problem: a liar responds instead. So, someone replies, masquerading as the real Google Public DNS resolver. Is it done by a network equipment on the path, as it is common in China where you get DNS responses even from IP addresses where no name server runs? It seems instead it was a trick with routing: the IAP announced a route to the IP addresses of Google, redirecting the users to an IAP's own impersonation of Google Public DNS, a lying DNS resolver. Many IAP already hijack Google Public DNS in such a way, typically for business reasons (gathering data about the users, spying on them). You can see the routing hijack on erdems' Twitter feed, using Turkish Telecom looking glass: the routes are no normal BGP routes, with a list of AS numbers, they are injected locally, via the IGP (so, you won't see it in remote BGP looking glasses, unless someone in Turkey does the same mistake that Pakistan Telecom did with YouTube in 2008). Test yourself: ... Of course, DNSSEC would solve the problem, if and only if validation were done on the user's local machine, something that most users don't do today." - - - --Lauren-- Lauren Weinstein ([log in to unmask]): http://www.vortex.com/lauren ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/15702618-7fa41320 Modify Your Subscription: https://www.listbox.com/member/?member_id=15702618&id_secret=15702618-916751 3e Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=15702618&id_secret=15702618-f a5046b0&post_id=20140330124740:FFC04226-B82A-11E3-A1BE-FCEEE903E9CB Powered by Listbox: http://www.listbox.com _______________________________________________ perpass mailing list [log in to unmask] https://www.ietf.org/mailman/listinfo/perpass