On Mar 19, 2014, at 1:14 PM, Stephan Müller <stephanr.mueller@gmx.de> wrote:
Gesendet: Mittwoch, 19. März 2014 um 14:14 Uhr Von: "Jared Mauch" <jared@puck.nether.net> An: "RIPE Atlas People" <ripe-atlas@ripe.net> Betreff: [atlas] 8.8.8.8 hijack and ripe atlas
It appears there are some public measurements like #1002630, and i'm curious if someone is able to look at the latency and TTL numbers of the transport side and observe the localized hijacking of 8.8.8.8.
The dataset is somewhat huge and i'm not a json master so trying to discern if there is evidence in there is something i'm looking at.
- Jared
Could you please elaborate on what you are trying to do? I did not fully understand you (and I'm only a layman). Is this related to http://www.itnews.com.au/News/375278,google-dns-servers-suffer-brief-traffic...
What i'm trying to determine is if there is an outlier of the mean RTT and/or TTL from probes within a region to 8.8.8.8 which would represent a localized hijacking could be detected. eg: If the RTT is typically 20ms and drops to 8ms, perhaps that is something worthy of investigating. Same for TTL, if the IP_TTL is typically 54 due to taking 10 hops to reach Google, and now becomes 58, that would be a localized "hijacking" or unauthorized use of the IP space. - Jared