nanog mailing list archives
Re: FW: Root Domain Server Hacked.
From: George Herbert <gherbert () crl com>
Date: Fri, 02 Jul 1999 19:38:45 -0700
Sean Donelan <SEAN () SDG DRA COM>
rmeyer () mhsc COM (Roeland M.J. Meyer) writes:
That's not what Paul said.

Randy Bush writes:
this is false and specious garbage

Both statements are true. You can hijack domain names and insert bogus data in caches without hacking any root servers. It is much easier to just e-mail a domain modify template to NSI, and insert some bogus IP addresses for certain names. Similar to what happened to AOL last year (actually it appears to be a glue issue on some NS records).

I haven't seen NSI official statements myself, only the news reports. But there is no evidence any of the independently operated root-name servers were hacked. If any systems were hacked, they were NSI's registration process.

I think some people are getting too wrapped up in some really exotic attacks on DNS, when the simple ones still work. Maybe BEFORE-UPDATE will get finished now.
Won't help. My sources are confirming it was a glue record issue... someone did the rough equivalent of putting in a new domain registration with servers WWW.NETWORKSOLUTIONS.NET and WWW.NETSOL.NET as their nameservers, but with the IPs of the real ICANN webservers. The problem is that the nameserver entries and glue records in general aren't sanity checked (or weren't before today).

The real solution eventually has to be some sort of requested nameserver forward lookup IP match confirmation prior to accepting a nameserver record in new/change applications; if nameserver FOO.BAR.COM is listed on an application and its IP is listed as 123.4.5.6 but nslookup foo.bar.com shows it at 78.9.10.11 then the application should be held until the discrepancy is resolved properly.

I remember suggesting this to Mark Kosters in, oh, April 1993?

-george william herbert
gherbert () crl com
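The forward-lookup match check proposed in the message above, sketched as an added example (not code from the thread or from NSI). The function names, the injectable resolver and the ns1.example.net sample records are assumptions made for illustration; the foo.bar.com values are the ones used in the message.

```python
import ipaddress
import socket


def system_resolver(hostname):
    """Forward lookup via the local resolver; returns a set of IP strings."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def normalize(hostname):
    # DNS names are case-insensitive; drop any trailing root dot.
    return hostname.rstrip(".").lower()


def check_application(nameservers, resolve=system_resolver):
    """nameservers: list of (hostname, claimed_ip) from a new/change application.

    Returns (decision, findings); decision is "ACCEPT" or "HOLD".
    """
    findings = []
    for host, claimed in nameservers:
        name = normalize(host)
        claimed_ip = ipaddress.ip_address(claimed)
        resolved = {ipaddress.ip_address(a) for a in resolve(name)}
        if not resolved:
            findings.append((name, "no forward record to compare against"))
        elif claimed_ip not in resolved:
            seen = ", ".join(sorted(str(a) for a in resolved))
            findings.append((name, f"listed as {claimed_ip} but resolves to {seen}"))
    return ("HOLD" if findings else "ACCEPT"), findings


# Constructed sample data standing in for live DNS, so the example runs offline.
SAMPLE_DNS = {
    "foo.bar.com": {"78.9.10.11"},  # the mismatch case from the message
    "ns1.example.net": {"192.0.2.53", "192.0.2.54"},
}


def sample_resolver(hostname):
    return SAMPLE_DNS.get(hostname, set())


if __name__ == "__main__":
    app = [("FOO.BAR.COM", "123.4.5.6"), ("ns1.example.net.", "192.0.2.54")]
    print(check_application(app, sample_resolver))
```

A nameserver with several address records passes as long as the listed IP is one of them; a name with no forward record at all is held rather than accepted on the applicant's word.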