Slashdot Mirror

← Back to Stories (view on slashdot.org)

Register your own .mil Domain

Posted by CmdrTaco on from the someone-should-register-paper.mil dept.

JWSmythe writes " As reported in This Story at theregister.co.uk ,and on dailyrotten.com, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publically known (the gov't uses security through obscurity?). I'm looking forward to hacker.mil, warez.mil, and porn.mil."

20 of 311 comments (clear)

  1. Link to .mil Registry by Motherfucking+Shit · · Score: 5, Informative

    http://www.nic.mil/dodnic. No, I didn't go poking around. If you've got bigger balls than I, perhaps you can link to the supposed admin area...

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  2. Re:hard to believe by thac0 · · Score: 2, Informative

    Maybe the air force does make it difficult. I've certainly seen some pretty tight networks myself, but that doesn't mean that everything is. And the subject in question is actually kind of a fringe subject that one might believe to be missed in security sweeps and such.

    --
    poliglut.org: they're still alive and fighting the man
  3. Aaahh by Anonymous Coward · · Score: 5, Informative

    I found this without having to click on this

    1. Re:Aaahh by Anonymous Coward · · Score: 5, Informative
      And this is the domain registration link.

      Won't work without a .mil email address, though.

    2. Re:Aaahh by Anonymous Coward · · Score: 5, Informative

      This too, for reserving your very own netblock.

    3. Re:Aaahh by Big+Mark · · Score: 4, Informative
      From the ftp link they gave. You need this info to register:
      H2B. Sponsoring Agency..........:

      Indicate the Service, Unified or Specified Command, DoD operating
      Agency, or non-DoD Agency of the US government that you are affiliated
      with. (for a valid list of agencies, please refer to the
      service-agencies.txt located in the netinfo directory).

      Example: AF
      Ah. So you can't get one if you're not a serviceman. No story, methinks.

      -Mark
    4. Re:Aaahh by xintegerx · · Score: 5, Informative

      Wow, I didn't believe it was there!

      I found references to http://www.nic.mil/cgi-bin/whois on google. I was debating on trying /admin and etc instead, but didn't :)

      Instead, I searched for

      admin http://www.nic.mil

      on Google, to verify the news. I ended up clicking on a web site that shows beginning web masters useful resources.

      From there, I went to the site one level above, and from there clicked a link to view a document about standard run of the mill no big whoop procedures about webmastering (pretty useful if you want to be a contractor or write software and have it comply, I assume.)

      BTW the security notice on this document is a link to army.mil's privacy policy, which says:

      Information presented on Army Home Page is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.

      Anyway, on this document I was just describing, click the second link to the defenselink webmasters area.

      There (which is also public according to their stated policy) you can click on "Domain Registration in the .mil domain" and see this
      http://www.nic.mil/ftp/mgt/bul-9605.txt

      These are just public info resources. army.mil's security policy says if you try to upload or change stuff, that's what they care about.

      --

      Cover your eyes and click this link!
    5. Re:Aaahh by ShdwFear · · Score: 3, Informative

      http://nic.mil/cgi-bin/cs
      http://nic.mil/cgi-bin/ domain
      http://nic.mil/cgi-bin/ip-num
      http://nic. mil/cgi-bin/occ
      http://nic.mil/cgi-bin/asn
      http: //nic.mil/cgi-bin/xtac
      http://nic.mil/cgi-bin/rou ter
      http://nic.mil/cgi-bin/host

      other toys
      http://frwebgate.access.gpo.gov/cgi-bin/usef tp.cgi ?IPaddress=162.140.64.88&filename=he99027.txt&dire ctory=/diskb/wais/data/gao

      http://boulder.noaa.gov/noc/nhcexit.txt

    6. Re:Aaahh by j3ss · · Score: 2, Informative

      The people who run Anonymizer will give up their logs to any law enforcement agency if asked to do so. Anonymizer is good for hiding your tracks from other netizens but I wouldn't trust it for anything illegal.

  4. Re:How long before Google is sued? by vericgar · · Score: 2, Informative

    http://www.google.com/webmasters/3.html#B2 Google has in place functionality to not cache a page, and has had this for a long time. The fault here is with the DoD. They need to learn some security.

  5. here it is... by Anonymous Coward · · Score: 5, Informative

    link

  6. Here is the access list by Anonymous Coward · · Score: 5, Informative

    http://www.nic.mil/visitors.txt and http://www.nic.mil/help

  7. Re:2600 contest? by neurostar · · Score: 2, Informative

    Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?

    Their contest says that if you resgister 2600.mil (or any 2600.something) and point it to their website, you get a free lifetime subscription. (I think it's any TLD)

    neurostar
  8. Re:2600 contest? by weave · · Score: 4, Informative
    2600 would be all into finding out how to do it and telling the world about it, but not going ahead and actually doing it. I've never seen them advocate breaking into systems, just how in can be done. If you read the letters to the editor in the mag and their responses to people who want to do malicious cracking, you'll see they stomp em pretty hard for being stupid.

    Besides that, the military might have an incompetent admin that exposes something stupid like that, but I for one wouldn't want to try my luck at exploiting it. I think you'd face better odds for survival as a black man spitting on an LAPD officer in a remote area away from public view.

  9. Address by AirLace · · Score: 4, Informative

    The URL is http://sites.defenselink.mil/

    It hasn't been possible to add new domains or run queries since Friday, so don't even bother.

    1. Re:Address by Anonymous Coward · · Score: 1, Informative

      The above comment is the only correct one I've seen so far. nic.mil is obviously a standard mail form template, and submissions are reviewed by a human. sites.defenselink.com on the other hand, is a custom app to manage the domains. It also fits the description of adding a new user without authenticating, as described in the story.

      http://sites.defenselink.mil/
      http://sites.defenselink.mil/servlet/DataEntry
      http://sites.defenselink.mil/servlet/DataEntry/add user

      BTW, I found this independantly by searching for '"add user" site:.mil'.

  10. Since Slashdot if a Pussy-land... by Q+Who · · Score: 5, Informative

    I did the process at the .mil NIC site.

    After you fill all the forms, there's:

    PAY ATTENTION!

    This online program makes no changes to the WHOIS database.

    The scope of this online program is to send the template to the e-mail address entered in the field below.

    Once you receive the completed template, you must forward it to the appropriate point of contact for action.

    The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.

    So you are essentially filling a template, which you can do by hand as well, following the instructions here.

    It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.

    I also wonder where does this interface gets that data from... There's a DB somewhere, and it can be probably hacked via this interface.

  11. Re:Of course... by killthiskid · · Score: 2, Informative

    Don't get to excited:

    Also Important!

    In order to use this online registration utility, you MUST have a WORKING e-mail address located on the NIPRNET.

    If you do not have an e-mail address, you should use the plain-text templates available by FTP

    Of course, not wanting to be labelled a combatent, that's as far as I went.

  12. Summary by JWSmythe · · Score: 4, Informative


    Here's a summary of the proposed domains. :)

    If you want to know who submitted it, read through the comments again.

    Enjoy!

    Al-Queda.mil
    runofthe.mil
    General.mil (cereal)
    Cara.mil (caramel)
    Rumor.mil (which would be slashdot.org.. hehe)
    rastafarian.mil
    peace.mil
    Piece.mil ("as I find well toned and armed women hot")
    starfleet.mil
    diploma.mil
    peace.in.our.ti me.mil
    gin.mil
    pointlessdeath.mil
    2600.mil
    Nat aliePortman.mil
    runofthe.mil
    slashdot.mil
    allyo urbase.mil
    IN-SOVIET-RUSSIA-we-practice-better-in ternet-secur ity-than-lazy-capitalist-pigs.mil
    in.soviet.russi a.mil.registers.you.mil
    slashdot.mil
    kevinmitnic k.mil
    2600.mil
    fuckedcompany.mil
    bushisanidiot. mil
    ashcroftisan ass.mil
    sgc.mil
    weoverthrewiran.mil
    weoverthrew guatemala.mil
    weassinatevietnamese.mil
    wekillciv iliansinasia.mil
    wesupportcoupinchile.mi
    wesuppo rtmilitartyinemsavabor.mil
    wetrainedosama.mil
    we supportcontras.mil
    wegavesaddammoney.mil
    wegavei raqweapons.mil
    weoverthrewpanama.mil
    webombaspir infactories.mil
    "noches.mil" (Thousand nigths)
    "dos.mil" (Two thousand)
    blackop.mil
    pepper.mil
    paper.mil
    dar k.satanic.mil
    deathstar.mil (for dvader@deathstar.mil)
    milf.mil
    Wind.mil
    honeypo t.mil

    --
    Serious? Seriousness is well above my pay grade.
  13. This is a great find.. . by toker95 · · Score: 4, Informative

    For those who REALLY want a .MIL domain name... Having spent a good deal of time in the US Navy dealing with the fun of keeping seperated, classified and unclassified networks, I can tell you exactly how much of a threat this problem is, to national security.. None. At the very worst, as pointed out in earlier posts... slashdotting a public domain .mil site (like http://chinfo.navy.mil/) would only serve to seriously tick off servicemembers family's, and the average run of the mill PR guys for the navy. Classified servers, sites, and networks are encrypted before they ever touch the same cables as the internet. In many cases, they never DO touch the same cables, but.. Yes, alot of that -classified- traffic passes over the same lines as your average slashdot post, BUT... its highly encrypted before it ever gets there (encryption level and equipment obviously varied by classification level, some data doesn't even get to TOUCH a networked computer). As well, a LARGE portion of the .mil domain's are setup to ONLY see traffic from another authorized .mil network (usually managed by IP address's). If your .mil network needs access to see my network, as well as getting the usual userids and passwords, my net admins need to talk to yours, and put your 1.2.3.xxx address into our firewall. So, the threat here? The threat is really only to the fact that its completely possible to now have a bazillion "yourname.yourwebsite.mil" websites running around... And this wouldn't HURT anything persay, because most .mil websites are acronyms like "subhqnorva.navy.mil" (for Submarine Squadron Headquarters Norfolk Virginia). US Military bungle? Yes National Security Threat? Minimal... Do you really want a .mil domain? Gee, only if you want to cause unnecessary trouble for a government trying to prepare for war...

    --

    ~~~ SCO sued me because I printed this t-shirt with a Linux driven printer...