18 December 2017

Infocom unprovisions the Samara technical setup

days before the Press Conference

Until the 9th of December 2017, Infocom.kg has managed their domain using a third party free infrastructure from Yandex This weak outsourced setup seems surprising for a State Enterprise that claims to follow high standards of computer security.

Until then, the State Enterprise (SE) Infocom has run all the State Registration Services (SRS) as part of a small network suballocation in the 212.112.124.128/26 space allocated to the IET KSTU.

inetnum: 212.112.124.128 - 212.112.124.191
netname: IET_KSTU
descr: IET_KSTU Office Network
country: KG
admin-c: AU2408-RIPE
tech-c: IM5222-RIPE
status: ASSIGNED PA
mnt-by: AS12764-MNT
created: 2013-06-21T03:13:56Z
last-modified: 2013-06-21T03:13:56Z
source: RIPE

It was inside this small network where we discovered the reverse proxy 212.112.124.142 that hosted samara.kg and later mls.kg

The 14th of December took place in Bishkek the press conference where SRS announced officially the long awaited results of their “Samara” internal investigation: “Trust us, no evidence was found”.

But in a surprising last minute turn in this case, Infocom decided to migrate all the services in their network to a new setup removing the reverse proxy from the address 212.112.124.142

Ops! The reverse proxy address is now gone.

The morning of the 8th of December, Infocom started the migration of their services to a new allocated IP space obtained from RIPE as a new LIR in middle November. The route was present in the BGP routing table for first time the 18th of November 2017.

All services were moved to the new fresh 185.229.36.0/22 network and Infocom stopped using the AS12764 to operate its own AS39659.

This new IP space is managed by Azamat Soyuzbekov ( Азамат Союзбеков ) that according to his social media profile he is a former worker of ОсОО Нуртелеком, O.kg and Мегаком

During the weekend before the press conference, the infocom.kg domain zone in yandex.net was initially updated with the new SOA counter record 2017120801. On Saturday 9th, two more DNS servers were added ns1.infocom.kg and ns2.infocom.kg to the pool dns1.yandex.net and dns2.yandex.net using a completely different SOA record 2017112912 (problably these ones were initially configured the 29th of November)

A SOA flawed new DNS setup

It seems that this new setup has been done in a hurry, judging for the several consistency problems that they have encountered and the current errors in this new configuration as described here

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.