Dan Kaminsky Suggests Having Fun with DNS

boogahsmalls writes "A few weekends ago Dan Kaminsky of scanrand fame presented some pretty cool ideas involving DNS that made plenty of heads spin at the LayerOne Technology Conference. Some of his concepts included Voice over DNS and storing Knoppix in a DNS cache. He's also apparently got a couple new tools in the pipe including a scanrand based DNS scanner and a visualization suite. Could another version of Paketto Keiretsu be in the works?" (OpenOffice.org does a great job of opening the PowerPoint slideshow.)

No thanks,

I'd rather my dns just work.

Nice ideas

but who doesn't have Knoppix in the DNS cache already anyway? Welcome to the 21st century buddy.

Great Article

It's a pity most of the slashdot crowd won't understand any of its technical merits at all.
Mark this as flamebait if you will, but come back in a while and read the comments, I promise there will be hardly any discussion of the paper.

Dan is obviously a very smart guy, I like his ideas about using http tunnel (it's a great program), I'm going to have to give some of these ideas a work out!

Bob

Re:Great Article

[jovetoo]

His techniques allow someone to set up a cryptographically secure network that most likely completely ignores firewalls. It features high bandwidth-high latency connection, low bandwidth-low latency connections and is virtually untraceable, even to both parties involved in the connection. An initial hostname and time would act as the 'phonenumber'. (By keeping a certain request alive, one can even implement a dailing service with TTL delay.) A message service is freely included.

It is virtually impossible to shut these networks down without replacing/patching dns. Not an easy task.
The bandwidth available to this network most likely exceeds that of most irc-botnets. Especially since the root servers are defending themselves against DDoS attacks.

The tools he's still developing might be able to trace these things but it will still require cooperation of dns server administrators (to get their logs). You will never get them all and you'll have a LOT data to process. Accorfing to this the ICS root server continuosly handles almost 8Mbps (and can handle upto 80Mbps) of traffic. I seriously doubt they can log that... (if so, transferring the logs would continually consume a healthy percent of the servers bandwidth.)

Pretty smart man indeed and very idealistic or shortsighted. Both the right and the wrong sort of people would pay a lot of money for that...

Another pointless piece of information:

[YouGotServed]

Microsoft Powerpoint also does a great job of opening the PowerPoint slideshow.

Crazy!

[chill]

Most people are lucky if DNS just works without major headaches.

I could swear BIND and its config file is considered, along with Sendmail, one of the most convoluted programs in Internetdom. It, again along with Sendmail, is historically also one of the most bug-ridden and exploited.

And now someone is suggesting futzing around with it?! Why not just change your domain to "rootmeplease.com" and get it over with?

-Charles

Nasty Nasty HTML Version

[OverlordQ]

Enjoy

Note: Was converted with *gasp*powerpoint so yes it is horrible :)

anybody remember DNS MUDs?

[andrewagill]

You used to be able to play a text adventure game with DNS:

]$ nslookup - hastur.rlyeh.net
> set querytype=txt
> set domain=adventure
> 1

Alas, hastur has been down since around 1998, but you can still live the magic if you believe in yourself!