Operator Level DNS Hijacking
Following my recent research on DNS hijacking and the cases I have personally observed, I wondered whether this is a common practice among the operators. With the help of RIPE Atlas, I started to think of a solution to figure out whether such practice is widespread in other areas of the world.
Thanks for the thoughtful piece. It seems like operators and regulators are turning a blind eye to the fact that vendors already have too much unnecessary access to their networks. I started to wonder if this whole Huawei story is FUD spread by other vendors who fail to win price wars with Chinese vendors. The bigger question is: Should any third-party, regardless of their country of origin, should be relied to run (or have access to) critical infrastructure?
This is a very important issue that researchers should keep in mind when running RIPE Atlas measurements. They may want to select their probe origins carefully, keeping in mind that some DNS or HTTP requests would cause trouble for the probe host. While RIPE Atlas already has relevant measures to prevent eventual misuse, but some normal requests may trigger alerts in some networks that is undesired for probe hosts. On the other hand I believe people hosting probes should also be aware of such potential issues, when deploying in networks with strict policies (or have IDS monitoring their traffic) or in regions with restrictive regulations.
Showing 2 comment(s)