NNSquad - Network Neutrality Squad
[ NNSquad ] Details of how Turkey is intercepting Google Public DNS
Details of how Turkey is intercepting Google Public DNS
http://j.mp/1lwpwcV (Bortzmeyer)
"If you try another well-known DNS resolver, such as OpenDNS,
you'll get the same problem: a liar responds instead. So,
someone replies, masquerading as the real Google Public DNS
resolver. Is it done by a network equipment on the path, as it is
common in China where you get DNS responses even from IP
addresses where no name server runs? It seems instead it was a
trick with routing: the IAP announced a route to the IP addresses
of Google, redirecting the users to an IAP's own impersonation of
Google Public DNS, a lying DNS resolver. Many IAP already hijack
Google Public DNS in such a way, typically for business reasons
(gathering data about the users, spying on them). You can see the
routing hijack on erdems' Twitter feed, using Turkish Telecom
looking glass: the routes are no normal BGP routes, with a list
of AS numbers, they are injected locally, via the IGP (so, you
won't see it in remote BGP looking glasses, unless someone in
Turkey does the same mistake that Pakistan Telecom did with
YouTube in 2008). Test yourself: ... Of course, DNSSEC would
solve the problem, if and only if validation were done on the
user's local machine, something that most users don't do today."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad