Renesys Blog: Securing the Root
While there is no evidence of foul play with regard to the bogus L root servers, the duration of this event, the potential for mayhem, and the complete absence of any controls whatsoever should give us all reason for concern. Just think for a minute about what you could do with a root name server if you had evil intent. How about ...
- Provide a new list of all root name servers when asked
- Provide new NS records for any or all TLDs
- Set TTL = 0 for all answers
- Perform recursion by default
- Log everything
- Censor or misdirect as desired
Posted 89 days ago
todd
Responses to this thread:
todd:
This story is still poorly understood by technical people that I talk to. The attitude seems to be: Manning is a good guy and wasn't doing anything wrong. That misses the point badly. If it were not manning and it were a bad guy, no one *still* would have noticed and they could have done really, really bad things. No one is watching this stuff closely enough.
Jim Cowie:
It's weird that D-root is only advertised as a /16. The much smaller /24 is obviously preferable, because /24 is the smallest block that you can generally trust to be globally routable (not filtered as "too small to propagate"). The obvious attack is to advertise the /24 to a provider who doesn't filter, get it globally propagated, hoka hey, D-root pwn3d.
