CircleID

there was agreement between root operators to collect data on some retired addresses for DITL-2008.  the reasons for collecting that data was to check for correlation on querying nodes. The problems have been identified in NANOG presentations and at WIDE/CAIDA workshops over the
years… http://www.caida.org/workshops/wide/0611/ has one of my contributions there.
It is likely that an analysis of the 2008 data will be published later this year.

I understand that ISC is running a data collection service (SIE) and has asked for permission to
collect this type of data on an ongoing basis.

So its not as "nasty" as your title suggests. A little unorthodox, yes.

Hyperbole.

Best Regards,

Martin

Title says: "Identity Theft of Root Name Servers, Reason Unknown".  Then inside the article it says "This posting is about an attack on one such root name server. Actually, 'attack' isn’t really an appropriate term. It was not really an attack or a hijack or even identity theft." So, the title was completely wrong?  Was there a point being made here or just a grab for attention?

Edward Lewis said:

Title says: "Identity Theft of Root Name Servers, Reason Unknown".  Then inside the article it says "This posting is about an attack on one such root name server. Actually, 'attack' isn’t really an appropriate term. It was not really an attack or a hijack or even identity theft." So, the title was completely wrong?  Was there a point being made here or just a grab for attention?

This was the closest term that seemed to fit.  If you went to the old IP during this time, you were implicitly assuming it was a legitimate root name server and the act of running a server on this IP assured that you would continue to do so.  If someone assumes your identity, does it really matter if they give the correct answers to questions about you?

http://blog.icann.org/?p=309

Earl Zmijewski said:

Edward Lewis said:

Title says: "Identity Theft of Root Name Servers, Reason Unknown".  Then inside the article it says "This posting is about an attack on one such root name server. Actually, 'attack' isn’t really an appropriate term. It was not really an attack or a hijack or even identity theft." So, the title was completely wrong?  Was there a point being made here or just a grab for attention?

This was the closest term that seemed to fit.  If you went to the old IP during this time, you were implicitly assuming it was a legitimate root name server and the act of running a server on this IP assured that you would continue to do so.  If someone assumes your identity, does it really matter if they give the correct answers to questions about you?

I think you are half right.  ICANN had no authorization from EP.NET to announce the route,
so they had been assuming EP.NET identity. 

That said, there was agreement to announce the route and collect data for DITL between ICANN and EP.NET.  You did not do your homework and it appears there are "chinese walls" inside ICANN, where one party is not talking to another.

That said, there was agreement to announce the route and collect data for DITL between ICANN and EP.NET.  You did not do your homework and it appears there are “chinese walls” inside ICANN, where one party is not talking to another.

The references noted for the article were also fairly out of date. There are other issues that seem more important though. Like root server data privacy.

-M<