1996-01-31 - Re: Domain hijacking, InterNIC loopholes

Header Data

From: Eric Eden <erice@internic.net>
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Message Hash: c0719c596eda545a6f201170f37c22cbf5ed43e58bd236f8c4f3e4de25dea573
Message ID: <199601311339.IAA20864@ops.internic.net>
Reply To: <9601301819.AA00964@toad.com>
UTC Datetime: 1996-01-31 14:00:30 UTC
Raw Date: Wed, 31 Jan 1996 22:00:30 +0800

Raw message

From: Eric Eden <erice@internic.net>
Date: Wed, 31 Jan 1996 22:00:30 +0800
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <9601301819.AA00964@toad.com>
Message-ID: <199601311339.IAA20864@ops.internic.net>
MIME-Version: 1.0
Content-Type: text/plain


> This is not a security risk? No. But, to quote a delightfully
> low-key document from InterNIC, "[such] an unauthorized update 
> could lead a commercial organization to lose its presence on 
> the Internet until that update is reversed."
> 
> Ah. But that update will be reversed only when victim.com's sysadmins
> realise what's happened. If evil.org is clever enough, it will
> not halt the mail flow, but forward everything on to victim.com
> (after keeping a copy, of course). It could act as a proxy server
> to www.victim.com, accessing all URLs (using victim.com's real
> IP address) on demand and relaying them to browsers who are actually 
> looking at www.evil.org. And so on. Unless victim.com's admins
> are particularly observant, they may not notice a thing.
> 
> That delightful InterNIC document I mentioned is the draft paper
> on the InterNIC Guardian Object, first out in November 1995, latest
> version out earlier this month. It's an internal InterNIC proposal
> for a "Guardian Object" which would guard any other object (such
> as a domain name, or individual, or hostname, or even another
> guardian). It would allow a range of authentication methods, from
> none (very clever) and MAIL-FROM (easy to spoof) to CRYPT (1-way
> hash, like Unix passwd) and PGP (using public keys stored at
> InterNIC). All domain and other templates will be changed to
> work with guardians. The procedures in the original draft looked
> easy enough; the latest ones are formidable.
> 
> Incidentally, this draft appeared two months after the InterNIC
> started charging. The wonders of the profit motive.
> 
> 
The InterNIC Guardian Object Draft has been made publicly available
to the Internet community for comments.  As mentioned, the URL is:
ftp://rs.internic.net/policy/internic/internic-gen-1.txt

We welcome any comments or suggestions you might have about this
draft. The InterNIC has made siginificant improvements to the draft
over the past several months based on public comments.


Eric Eden
erice@internic.net






Thread