Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft Hits the Root Name Servers

Posted by CmdrTaco on from the i-don't-think-i-am-who-you-think-i-am dept.

aos101 writes "The Renesys blog has an interesting story about networks advertising the old address space of the L root name server after ICANN changed the IP address last November. These networks were also running root name servers on the old IP address of the L root name server up until last week, so any DNS servers still using the old IP address might have been getting their answers from these bogus name servers. A very cursory examination by Renesys of one of these bogus servers found that it appeared to be providing correct responses, which might be why no one noticed the problem. As Renesys points out, the volume of traffic to a root server is staggering, so the people running these bogus root servers must have had a reason. What did they get out of it?"

2 of 131 comments (clear)

  1. Re:Extremely vague article by Anonymous Coward · · Score: 5, Informative

    nonsense. the article is very clear: here's what happened:

    icann hosted L-root on ip addresses they didn't have an exclusive right to use.

    they decided to stop doing that and moved L-root to somewhere else.

    shortly thereafter someone else decided to operate a name server on the very same IP addresses.

    that's *what* happened. perhaps you meant to say that the article doesn't say *why* it happened. that would be a fair criticism.

  2. Re:Good Samaritans? by locofungus · · Score: 5, Informative

    From the link in the FA:

    http://blog.icann.org/?p=227

    It is expected that the old address will continue to work for at least six months after the transition, but will ultimately be retired from service.

    1st November 2007 -> 1st May 2008 is 6 months. So they left it a few days over 6 months ...

    Tim.

    --
    God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.