Route filtering and its impact on the DNS fabric
Last Updated: 2008-05-19 14:51:41 UTC
by Maarten Van Horenbeeck (Version: 1)
Information security consultants regularly work with their clients to identify their "critical infrastructure": those assets which are needed to keep the organization running at an acceptable level. On such engagements, after the employees have listed and described their own assets, I tend to ask them "... and what about Google?". A lot of companies really need a good search engine ranking for their clients to find them, and that ranking is something which can be, and has been, attacked. It is, however, often not quite clear whose responsibility it is to monitor components such as these: information security or marketing?
There are several other components of the internet fabric that help users get where they need to be. Today, the people at Renesys posted a fascinating blog entry showing what could go wrong at a completely different level: DNS. They show how the hijacking of IP space can pose a valid risk to the reliability of the internet as a business medium. While malicious intent can't be proven, this is exactly what appears to have affected L.root-servers.net in recent history.
This is no reason to panic. It is, however, an indication of just one of many things the information security community needs to be aware of. Short-lived BGP announcements have commonly been used to distribute spam, and inadvertent mistakes have brought down major web sites. Renesys' posting is an example of how a lack of route filtering can have even deeper, but less visible, consequences.
Read their blog entry on the adventures of L.root-servers.net here.