[RSSAC Caucus] Suspicious Route against a Root DNS Prefix
Hafiz Farooq
hmfarouq at gmail.com
Sat May 6 20:14:46 UTC 2023
Hi,
Interesting read, thanks for sharing Dessalegn,
FYI: IP Address mentioned in Codebgp's report 194.156.163.203
(Singapore/Misaka Network) was hosting a .xyz domain (see below passive DNS
from virustotal).
[image: image.png]
Kind Regards
*Hafiz Farooq*
--- This message has been scanned via Symantec MessageLabs & SpamDefense
Engine
On Fri, May 5, 2023 at 3:08 PM Terry Manderson <terry at terrym.net> wrote:
> Hi Dessalegn,
>
> While I am emailing from my personal email address for this response,
> let's assume for this response only, I am wearing my ICANN hat as the
> person who is responsible for the ICANN Managed Root Server (IMRS),
> otherwise known technically as L.ROOT-SERVERS.NET.
>
> We are well aware of the publication of Code BGP regarding the presumed
> routing anomaly. We are actively working with the entity involved (one of
> our IMRS hosts) as to why the routing advertisement is as reported. (noting
> also this particular route has an ASPATH of 10 ASs due to prepending, and
> effectively it us unlikely to be the selected path)
>
> I'd also like to point out that Code BGP has a tendency to report first,
> and investigate later. You can of course interpret that how you will.
>
> That said because it is an IMRS host that is involved there is actually no
> impact to Root DNS service and I suspect this is a zero impact routing
> artefact that can be trivially rectified with education.
>
> Cheers,
> Terry
> --
> Mobile device, don't expect grammar.
>
> On 4 May 2023, at 11:25 pm, Dessalegn Yehuala <mequanint.yehuala at gmail.com>
> wrote:
>
>
> This might be of interest.
>
> https://www.codebgp.com/blog/suspicious-route-against-a-root-dns-prefix/
>
> Kind regards,
> Dessalegn
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/rssac-caucus/attachments/20230506/a4e98a2a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 36354 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/rssac-caucus/attachments/20230506/a4e98a2a/image-0001.png>
More information about the rssac-caucus
mailing list