[PLUG] What's up (or down) with spiritone/aracnet?

Mike C. mconnors1 at gmail.com
Mon Oct 2 20:42:26 UTC 2017


On 10/2/17 12:51 PM, plug-request at lists.pdxlinux.org wrote:

Just to be clear, based on the results of the testing I did it seemed to 
me that the problems the OP was experiencing with SpiritOne were more 
Internet routing related and less DNS related.

A traceroute from my home Comcast IC bounced around many hops in 
Comcast & Cogent's network before timing out. Whereas a traceroute from 
an Internet routable address took a few hops through Integra's network 
and successfully made it to mx2.spiritone.com

"The bad guys may be exploiting the DNS flaw described below, recently 
patched in the distro I'm currently upgrading. I bet the bad guys have 
tools for testing and probing DNS server integrity.

Why don't you and I have those tools? We build ephemeral new 
capabilities without diagnostic and monitoring tools for critical core 
capabilities. Then we replace core capabilities ( systemd ), trading a 
heap of old known bugs for a wilderness of new unknown bugs"

A couple of notes here:

"DNS Security Extensions were officially deployed on the root level in 
2010 for addresses using the .org top-level domain. In late 2010 and 
2011, .com, .net and .edu top-level domains were updated for DNSSEC, and 
implementation continues for country-specific top-level domains. By 
November 2011, over 25 percent of all top-level domains had been included"

I'm not sure where the implementation of DNSSEC stands today, but cases 
of public DNS exploitation/corruption are pretty rare.

Most if not all tools the "bad guys" are using are in the public domain. 
There are many security researchers, "white hat" hackers and 
organizations on the beat these days trying to keep the Internet safe, 
functional, healthy. And they're concerned with all the "bad guys", 
gov't, corporations, and individual evil doers.

And as the majority of Internet servers are running FOSS rather than 
proprietary corporate code, I have a bit more trust in it as it's 
constantly under peer review and testing.

The biggest problem here is that for most developers and users, features 
& functionalities generally come before security. It's slowly changing 
and security is being baked in more now but I think it'll always lag 
behind and the onus of security will probably always fall on the end user.





