Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Could You Do With a Bogus Root Name Server?

Posted by Soulskill on from the root-root-root-for-the-home-team dept.

Barlaam notes a post from the Renesys Blog which follows up on news they discussed a couple weeks ago about the 'identity theft' of a root name server. To emphasize the issue of safeguarding such a system, they've now posted an explanation of exactly how the situation could be exploited. "It shouldn't be too hard to see that you could end up answering every DNS query from an organization that came to you for an updated list of root name servers. Every one. And you might end up doing this for a very long time, especially if your answers were largely correct. An attack like this would have no resemblance to the YouTube hijack, where the entire planet gets a blank page and it's immediately apparent that something isn't right. Obvious events like this will continue to occur, and we'll continue to resolve them relatively quickly. But as this incident demonstrates, DNS hijacks are far less obvious and potentially far more harmful."

4 of 120 comments (clear)

  1. I've heard of this new technology... by ZeroPly · · Score: 3, Interesting

    ... whereby you can actually "sign" digital data so that it's clear where it came from. If somehow they could incorporate that into this whole "DNS" system, maybe it would fix the problem?

    --
    Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
    1. Re:I've heard of this new technology... by klapaucjusz · · Score: 4, Interesting

      DNSSEC has gone through three (3) mutually incompatible specifications. The DNSSEC people are claiming that the last revision really really works, honest, gov, and that all that remains to be done is deploying it.

      But they don't appear to be deploying it on their own servers.

  2. Re:break everything by milsoRgen · · Score: 4, Interesting

    Actually a 7 day outage might be just enough to wake people up to the importance of patching your infrastructure That and I'm afraid it would awaken certain governments with the sudden realization now is the chance to install a large scale surveillance infrastructure (or something just as evil) all in the name of fighting the terrorists that caused the disturbance. Oh and I'm sure there would be provisions added to enforce copyright while they're at it.
    --
    I'm sick of following my dreams. I'm just going to ask where they're goin' and hook up with 'em later.
  3. Re:break everything by ColdWetDog · · Score: 4, Interesting

    That and I'm afraid it would awaken certain governments with the sudden realization now is the chance to install a large scale surveillance infrastructure (or something just as evil) all in the name of fighting the terrorists that caused the disturbance. Oh and I'm sure there would be provisions added to enforce copyright while they're at it.

    Exactly. If you think the problem is bad now, wait until we've fixed it. (Arthur Kasspe). This should be the motto engraved on every Government departmental seal.

    --
    Faster! Faster! Faster would be better!