Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Honeypot in Netherlands mirroring entire DNS structures for some .edu's

From: Steve Lovaas <steven.lovaas () COLOSTATE EDU>
Date: Fri, 17 Nov 2006 15:04:09 -0700
Right you are, Valdis :)

At the risk of drifting too far off topic, that's the beauty of the
strict hierarchy of DNS... the top-level domains are distinct and
there's no problem if you have duplicate organization names across two
or more of these TLDs.

www.computer.com = TigerDirect.com, a computer retailer
www.computer.org = The IEEE Computer Society
www.computer.edu = ACCSCT Accredited PC Professor (Microsoft trainer)
www.computer.gov = not registered, comes back empty
www.computer.biz = a computer shopping directory (apparently)
www.computer.de = a German computer retailer
www.computer.cn = LoveNet.com.cn, a Chinese dating service


So, the more generic your domain name, the more likely it is that other
top-level domains are going to have the same name meaning something
else. You'd weed out the accidental duplication by having a much more
specific domain name, which would be longer and harder to type... then
you'd only be left with people trying to intentionally grab your
fat-fingered traffic (and you could block those address ranges at least
from within your organization).

So, the uiuc.edu vs uiuc.eu problem would be less likely to be
accidental if the University of Illinois Urbana Champaign had a web
address of www.universityofillinoisurbanachampaign.edu - that way, just
getting the URL right would mean you could get credit for freshman
English :)

Steve Lovaas




Valdis Kletnieks wrote:

On Fri, 17 Nov 2006 15:41:52 EST, "Mclaughlin, Kevin L (mclaugkl)" said:


I am doubtful, but could be wrong on this, that there is international
law that prohibits the use of our domain first letters/first names.
Therefore they can be re-used for .eu domains.  An example of this is
that there are: CIA.gov, FBI.gov and then CIA.com and FBI.com  domains
that are official and registered.


I guarantee that there is no such law - because if there *was*, the owners
of whitehouse.gov would have used it to shut down whitehouse.com. :)


--
==============================================================
Steven Lovaas, MSIA, CISSP
Network & Security Resource Manager
Academic Computing & Network Services
Colorado State University
970-297-3707
Steven.Lovaas () ColoState EDU
==============================================================
Previous By Date Next
Previous By Thread Next

Current thread: