Domain hijacking, InterNIC loopholes

Eric Eden erice at internic.net
Wed Jan 31 06:00:30 PST 1996


> This is not a security risk? No. But, to quote a delightfully
> low-key document from InterNIC, "[such] an unauthorized update 
> could lead a commercial organization to lose its presence on 
> the Internet until that update is reversed."
> 
> Ah. But that update will be reversed only when victim.com's sysadmins
> realise what's happened. If evil.org is clever enough, it will
> not halt the mail flow, but forward everything on to victim.com
> (after keeping a copy, of course). It could act as a proxy server
> to www.victim.com, accessing all URLs (using victim.com's real
> IP address) on demand and relaying them to browsers who are actually 
> looking at www.evil.org. And so on. Unless victim.com's admins
> are particularly observant, they may not notice a thing.
> 
> That delightful InterNIC document I mentioned is the draft paper
> on the InterNIC Guardian Object, first out in November 1995, latest
> version out earlier this month. It's an internal InterNIC proposal
> for a "Guardian Object" which would guard any other object (such
> as a domain name, or individual, or hostname, or even another
> guardian). It would allow a range of authentication methods, from
> none (very clever) and MAIL-FROM (easy to spoof) to CRYPT (1-way
> hash, like Unix passwd) and PGP (using public keys stored at
> InterNIC). All domain and other templates will be changed to
> work with guardians. The procedures in the original draft looked
> easy enough; the latest ones are formidable.
> 
> Incidentally, this draft appeared two months after the InterNIC
> started charging. The wonders of the profit motive.
> 
> 
The InterNIC Guardian Object Draft has been made publicly available
to the Internet community for comments.  As mentioned, the URL is:
ftp://rs.internic.net/policy/internic/internic-gen-1.txt

We welcome any comments or suggestions you might have about this
draft. The InterNIC has made siginificant improvements to the draft
over the past several months based on public comments.


Eric Eden
erice at internic.net







More information about the cypherpunks-legacy mailing list