[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VERY firghtening news (fwd)

---------- Forwarded message ----------
Date: Fri, 2 Jul 1999 16:08:16 -0500
From: Sean Donelan <SEAN@SDG.DRA.COM>
Reply-To: list@inet-access.net
To: list@inet-access.net
Subject: Re: VERY firghtening news

inet-list@vo.CNchost.COM (JC Dill) writes:
>When I attended NSI's Premier Partner Conference in San Diego a few years
>ago, they had a discussion about the fragility of DNS and the relative
>insecurity of the root servers.  I don't know if much has changed since
>then, but *at that time* some of the root servers were just sitting in
>someone's ordinary office, under a desk, rather than in a secure data
>center.  Breaking into a root server would not have been a difficult task
>if one had really wanted to, especially if one had some basic social
>engineering skills such that you could get into or be left in one of those
>offices unescorted.

Mostly FUD from NSI.  I haven't seen all the root name-servers.  But none
of the ones I have seen were just sitting in someone's ordinary office
beyond the time they were installing and configuring it.  Besides, NSI
has been bussing congress-types out to their facility to have their picture
taken with the "A" root-server.  So its no great secret where it is.

Three servers are installed in US government facilities with either
agency police or the military guarding the server (E, G, H)

Two servers are installed in the same rack at NSI's building (A, J) with
"pinkerton" guards standing around.

Two servers are installed in major exchange point buildings (F, K) with
video survillance.

Three servers are installed in major ISP facilities (C, I, M)

Two servers are at ISI (B, L) [Don't know if they are in the same rack]

One server is at a US University (D) [Well, ISI is part of USC, so three
name servers].  I have yet to find out the floor or the room the server
is in at UMD.  If it is sitting in someone's office, they are doing a
pretty good job of protecting it.
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation
Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
Eat sushi frequently.   inet@inet-access.net is the human contact address.