1997-06-03 - Re: Webpage picketing?…

Header Data

From: Ryan Anderson <ryan@michonline.com>
To: John Deters <jad@dsddhc.com>
Message Hash: b4abcf118960a40756607a61d7d3107b1bc1f34b4349dfb9450538909eb0aeee
Message ID: <Pine.GSO.3.95.970603185336.24937F-100000@king>
Reply To: <3.0.1.32.19970603164718.00a218e0@labg30>
UTC Datetime: 1997-06-03 23:11:49 UTC
Raw Date: Wed, 4 Jun 1997 07:11:49 +0800

Raw message

From: Ryan Anderson <ryan@michonline.com>
Date: Wed, 4 Jun 1997 07:11:49 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: Webpage picketing?...
In-Reply-To: <3.0.1.32.19970603164718.00a218e0@labg30>
Message-ID: <Pine.GSO.3.95.970603185336.24937F-100000@king>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 3 Jun 1997, John Deters wrote:

> Note that both of these require you to be an unscrupulous stealer of other
> peoples browser space.  They also require the users arrive at your site
> first, and leave via your links (their own bookmarks or typed URLs will let
> them off the hook.)  I don't know of a way (short of usurping a DNS
> server's authority) of getting hooked into their site from the first.  I
> suppose if you ran a router between the site you wished to hijack and the
> viewer whom you've hijacked, you could, but we're talking MAJOR no-no (and
> lots of code) here.

It's not too difficult (in theory) to exploit some race conditions in
recursive DNS lookups and to forge entries for sites.  By doing this you
should be able to redirect most sites to your site, from at least a
selected audience.  (Those people whose primary nameserver you can usurp)

-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere>     "Who knows, even the horse might sing" 
Wayne State University - CULMA   "May you live in interesting times.."
ryan@michonline.com                           Ohio = VYI of the USA 
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57  E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------






Thread