draft-ietf-dnsop-as112-under-attack-help-help-03.txt   draft-ietf-dnsop-as112-under-attack-help-help-04.txt 
Network Working Group J. Abley Network Working Group J. Abley
Internet-Draft TekSavvy Internet-Draft ICANN
Intended status: Informational W. Maton Intended status: Informational W. Maton
Expires: April 8, 2010 NRC-CNRC Expires: January 30, 2011 NRC-CNRC
October 5, 2009 July 29, 2010
I'm Being Attacked by PRISONER.IANA.ORG! I'm Being Attacked by PRISONER.IANA.ORG!
draft-ietf-dnsop-as112-under-attack-help-help-03 draft-ietf-dnsop-as112-under-attack-help-help-04
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 8, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
Many sites connected to the Internet make use of IPv4 addresses which Many sites connected to the Internet make use of IPv4 addresses which
are not globally unique. Examples are the addresses designated in are not globally unique. Examples are the addresses designated in
RFC1918 for private use within individual sites. RFC1918 for private use within individual sites.
Hosts should never normally send DNS reverse mapping queries for Hosts should never normally send DNS reverse mapping queries for
those addresses on the public Internet. However, such queries are those addresses on the public Internet. However, such queries are
frequently observed. Authoritative servers are deployed to provide frequently observed. Authoritative servers are deployed to provide
skipping to change at page 4, line 5 skipping to change at page 1, line 33
Since queries sent to AS112 servers are usually not intentional, the Since queries sent to AS112 servers are usually not intentional, the
replies received back from those servers are typically unexpected. replies received back from those servers are typically unexpected.
Unexpected inbound traffic can trigger alarms on intrusion detection Unexpected inbound traffic can trigger alarms on intrusion detection
systems and firewalls, and operators of such systems often mistakenly systems and firewalls, and operators of such systems often mistakenly
believe that they are being attacked. believe that they are being attacked.
This document provides background information and technical advice to This document provides background information and technical advice to
those firewall operators. those firewall operators.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 30, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction and Target Audience . . . . . . . . . . . . . . . 5 1. Introduction and Target Audience . . . . . . . . . . . . . . . 3
2. Private-Use Addresses . . . . . . . . . . . . . . . . . . . . 6 2. Private-Use Addresses . . . . . . . . . . . . . . . . . . . . 4
3. DNS Reverse Mapping . . . . . . . . . . . . . . . . . . . . . 7 3. DNS Reverse Mapping . . . . . . . . . . . . . . . . . . . . . 5
4. DNS Reverse Mapping for Private-Use Addresses . . . . . . . . 8 4. DNS Reverse Mapping for Private-Use Addresses . . . . . . . . 6
5. AS112 Nameservers . . . . . . . . . . . . . . . . . . . . . . 9 5. AS112 Nameservers . . . . . . . . . . . . . . . . . . . . . . 7
6. Inbound Traffic from AS112 Servers . . . . . . . . . . . . . . 10 6. Inbound Traffic from AS112 Servers . . . . . . . . . . . . . . 8
7. Corrective Measures . . . . . . . . . . . . . . . . . . . . . 11 7. Corrective Measures . . . . . . . . . . . . . . . . . . . . . 9
8. AS112 Contact Information . . . . . . . . . . . . . . . . . . 12 8. AS112 Contact Information . . . . . . . . . . . . . . . . . . 10
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
10. Security Considerations . . . . . . . . . . . . . . . . . . . 14 10. Security Considerations . . . . . . . . . . . . . . . . . . . 12
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
11.1. Normative References . . . . . . . . . . . . . . . . . . 15 11.1. Normative References . . . . . . . . . . . . . . . . . . 13
11.2. Informative References . . . . . . . . . . . . . . . . . 15 11.2. Informative References . . . . . . . . . . . . . . . . . 13
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 16 Appendix A. Change History . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction and Target Audience 1. Introduction and Target Audience
Readers of this document may well have experienced an alarm from a Readers of this document may well have experienced an alarm from a
firewall or an intrusion-detection system, triggered by unexpected firewall or an intrusion-detection system, triggered by unexpected
inbound traffic from the Internet. The traffic probably appeared to inbound traffic from the Internet. The traffic probably appeared to
originate from one of several hosts discussed further below. originate from one of several hosts discussed further below.
The published contacts for those hosts may well have suggested that The published contacts for those hosts may well have suggested that
you consult this document. you consult this document.
skipping to change at page 12, line 7 skipping to change at page 10, line 7
these queries to the public DNS. Guidance and recommendations these queries to the public DNS. Guidance and recommendations
for this aspect of resolver configuration can be found in for this aspect of resolver configuration can be found in
[I-D.ietf-dnsop-default-local-zones]. [I-D.ietf-dnsop-default-local-zones].
4. Implement a private AS112 node within the site. Guidance for 4. Implement a private AS112 node within the site. Guidance for
constructing an AS112 node may be found in constructing an AS112 node may be found in
[I-D.ietf-dnsop-as112-ops]. [I-D.ietf-dnsop-as112-ops].
8. AS112 Contact Information 8. AS112 Contact Information
Operational contact information for the network addresses of AS112
servers is registered with Regional Internet Registries (RIRs).
Readers who continue to have concerns about traffic received from
AS112 servers after reading this document are encouraged to contact
their local CSIRT for more information or confirmation as well as the
AS112 Network Operations Centre.
More information about the AS112 project can be found at More information about the AS112 project can be found at
<http://www.as112.net/>. <http://www.as112.net/>.
9. IANA Considerations 9. IANA Considerations
The AS112 nameservers are all named under the domain IANA.ORG (see The AS112 nameservers are all named under the domain IANA.ORG (see
Section 5). The IANA is the organisation responsible for the Section 5). The IANA is the organisation responsible for the
coordination of many technical aspects of the Internet's basic coordination of many technical aspects of the Internet's basic
infrastructure. The AS112 project nameservers provide a public infrastructure. The AS112 project nameservers provide a public
service to the Internet which is sanctioned by and operated in service to the Internet which is sanctioned by and operated in loose
coordination with the IANA. coordination with the IANA.
This document does not require any IANA actions. This document makes no request of the IANA.
10. Security Considerations 10. Security Considerations
The purpose of this document is to help site administrators properly The purpose of this document is to help site administrators properly
identify traffic received from AS112 nodes, and to provide background identify traffic received from AS112 nodes, and to provide background
information to allow appropriate measures to be taken in response to information to allow appropriate measures to be taken in response to
it. it.
Hosts should never normally send queries to AS112 servers: queries Hosts should never normally send queries to AS112 servers: queries
relating to private-use addresses should be answered locally within a relating to private-use addresses should be answered locally within a
skipping to change at page 15, line 24 skipping to change at page 13, line 24
BCP 5, RFC 1918, February 1996. BCP 5, RFC 1918, February 1996.
11.2. Informative References 11.2. Informative References
[I-D.ietf-dnsop-as112-ops] [I-D.ietf-dnsop-as112-ops]
Abley, J. and W. Maton, "AS112 Nameserver Operations", Abley, J. and W. Maton, "AS112 Nameserver Operations",
October 2009. October 2009.
[I-D.ietf-dnsop-default-local-zones] [I-D.ietf-dnsop-default-local-zones]
Andrews, M., "Locally-served DNS Zones", Andrews, M., "Locally-served DNS Zones",
draft-ietf-dnsop-default-local-zones-08 (work in draft-ietf-dnsop-default-local-zones-13 (work in
progress), February 2009. progress), April 2010.
Appendix A. Change History Appendix A. Change History
This section to be removed prior to publication. This section to be removed prior to publication.
00 Initial draft, circulated as 00 Initial draft, circulated as
draft-jabley-as112-being-attacked-help-help-00 and reviewed at the draft-jabley-as112-being-attacked-help-help-00 and reviewed at the
DNSOP working group meeting at IETF 66. DNSOP working group meeting at IETF 66.
00 Document adopted by the DNSOP working group and renamed 00 Document adopted by the DNSOP working group and renamed
accordingly. accordingly.
01 Version number bump at request of wg chair. 01 Version number bump at request of wg chair.
02 Updated pointer to DNSOP working group-adopted of Mark Andrew's 02 Updated pointer to DNSOP working group-adopted of Mark Andrew's
full-service resolver zones, renamed to ietf-dnsop-default-local- full-service resolver zones, renamed to ietf-dnsop-default-local-
zones. zones.
02 Updated author's addresses. 02 Updated author's addresses.
03 Version number bump at request of wg chair. 03 Version number bump at request of dnsop chair.
04 Version number bump at request of dnsop chair. Contact
information section truncated to protect the innocent. Minor,
non-substantive wordsmithing. References updated.
Authors' Addresses Authors' Addresses
Joe Abley Joe Abley
TekSavvy Solutions, Inc. ICANN
330 Richmond Street, Suite 205 4676 Admiralty Way, Suite 330
Chatham, ON N7M 1P7 Marina del Rey, CA 90292
Canada US
Phone: +1 519 670 9327 Phone: +1 519 670 9327
Email: jabley@teksavvy.com Email: joe.abley@icann.org
William F. Maton Sotomayor William F. Maton Sotomayor
National Research Council of Canada National Research Council of Canada
1200 Montreal Road 1200 Montreal Road
Ottawa, ON K1A 0R6 Ottawa, ON K1A 0R6
Canada Canada
Phone: +1 613 993 0880 Phone: +1 613 993 0880
Email: wmaton@ryouko.imsb.nrc.ca Email: wmaton@ryouko.imsb.nrc.ca
 End of changes. 12 change blocks. 
80 lines changed or deleted 65 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/