« back to results for ""
Below is a cache of http://www.nanog.org/mtg-0606/pdf/lightning-talks/1-hannigan.pdf. It's a snapshot of the page taken as our search engine crawled the Web.
The web site itself may have changed. You can check the current page or check for previous versions at the Internet Archive. Yahoo! is not affiliated with the authors of this page or responsible for its content.
Microsoft PowerPoint - 1-hannigan Critical Infrastructure: Root Server
Location Analysis
NANOG 37 San Jose, CA.
Martin Hannigan
Member of Technical
Staff © 2005 Renesys Corporation
Corporate Presentation - DRAFT
2
Operator Demographics: Where? 13 root server instances operated by entities in 3 countries United States of America 3 Corporate (a, c, & j) 2 Educational (b & d) 1 Military (g) 2 Research (e & h) 3 Non Profit ( f, i, & l) Autonomica is responsible for I, but hosts some instances
on a CDN. The CDN operator is a US formed entity. European Union 1 Non Profit (k) Japan 1 Non Profit (m) © 2005 Renesys Corporation
Corporate Presentation - DRAFT
3
Operator Demographics (cont.)
ENTITY JURISDICTION
US
92%
NON US
8% © 2005 Renesys Corporation
Corporate Presentation - DRAFT
4
Operator Demographics (cont.)
JURISDICTION BY US ENTITY TYPE VS. NON US
US CORP
39%
US MIL
23%
US EDU
15%
US NON PROFIT
15%
NON US
8% © 2005 Renesys Corporation
Corporate Presentation - DRAFT
5
Operator Demographics (cont.) Where are the platforms? In ~54 countries All religions All methods of Governance © 2005 Renesys Corporation
Corporate Presentation - DRAFT
6
Global Distribution (Political)
Political Distribution
DEMOCRATIC
79%
OTHER
21% © 2005 Renesys Corporation
Corporate Presentation - DRAFT
7
Operator Demographics (cont.) Global diversification for security and performance Instances spread across continents Different networks Different procedures Different software Different hardware Different weaknesses © 2005 Renesys Corporation
Corporate Presentation - DRAFT
8
Global Distribution (Geographical)
BY GEOGRAPHIC BOUNDARY
ANTARTICA
0%
LATIN AMERICA
2%
EASTERN
EUROPE
3%
ASIA
12%
AFRICA
2%
AUSTRALIA
8%
EUROPE
35%
NORTH
AMERICA
38% © 2005 Renesys Corporation
Corporate Presentation - DRAFT
9
Situating a Root Server Relationships 101 Who you know ICANN, Operator, IX, and RIR relationships Regulators How you spin it National Pride Performance and Security Betterment of User Experience © 2005 Renesys Corporation
Corporate Presentation - DRAFT
10
Threats Not much different than anyone else Direct attacks Proxy Attacks Botnets (collections of zombies w/c&c) Easy money in indigent economies Miscreants potentially masking other
activities (what are they really doing?) © 2005 Renesys Corporation
Corporate Presentation - DRAFT
11
Hypothetically Speaking, let's
attack Target: $-Root Location: (EU Hosting Facility) Multi-post cabinet configuration with cabling and power under-floor Unlocked cabinet, single factor facility entry Physical Attack Open cabinet Door Turn it off Hijack attempt Advertise a route Return bad answers Network Attack Spoof source Random host querys Send packet-love © 2005 Renesys Corporation
Corporate Presentation - DRAFT
12
Summary The root system is less likely subject to a single application exploit at
the root DNS level, but it could be attacked at-large by at layer 3 (and is
frequently and more often) The system is accidentally robust as a result of layer whatever
informal coordination vs. tight standard and operational procedure There is likely very good research other data coming across the
interfaces of these systems (trend) A collapsed root system i.e. Where root servers and TLD's
share the same hardware or networks should be more closely
examined (Good? Bad? Ugly?) © 2005 Renesys Corporation
Corporate Presentation - DRAFT
13
Credits Internet Assigned Numbers Authority Root Server Operators - www.root-servers.org World Atlas for Political and Geo Maps ICANN [GA] List Hallway conversations @ NANOG © 2005 Renesys Corporation
Corporate Presentation - DRAFT
14
About the Presenter Martin Hannigan Boston, MA USA ~20 Years Internet experience CALEA, SS7, TCP/IP Engineering and Ops Management ARIN, RIPE, NANOG, & others ICANN ASO AC Rep, ARIN Region www.renesys.com