[LINK] Web sites 'stolen' by hackers

Adam Todd at@ah.net
Fri, 02 Jun 2000 16:50:25 +1000


> > I presume this means that the DNS can be subverted/hacked???
>
>If you're referring to the DNS servers, probably not. There *were* some
>DNS server hacks relating to service of domains, most notably by
>Kashpureff; and there *were* some holes in a popular implementation that

Eugene exploited a known vulnerability which the "authorities" (if they 
exist) ignored.

For those that don't know: EK polluted the .COM primary server, changing 
the A record for www.internic.net to point to www.alternic.net.

A rather extensive FBI hunt took place in the USA whilst EK hid himself in 
Canada.  I've still got emails from him back then where he explains he 
isn't proud of the action, but NSI angered him so much with the flawed 
policies at the time and the current increase of debate about how secure 
and safe the DNS system was that he had to do it to prove the point.

Problem was he did it twice!

>allowed crackers to exploit DNS server software and gain access to
>machines - but nothing lately.

I'm currently investigating a recent incident that saw a set of DNS servers 
very close to this mail list corrupted.  It's not the first incident of 
this kind reported, but to date no cause has been found.  Reloading the 
servers fixed the problem.  Whatever it was.  Traffic logs to date have not 
shown anything, so it might just be an intermittent overflow bug in the 
code somewhere that doesn't show up very often and isn't a really big issue.

> > the database where Internet addresses are reserved. Five days later,
> > the Web sites are still broken and the domain names are registered to
> > someone else. Both firms were likely victims of the third publicized
>
>Most likely, the processes involved in delegating a domain or server at a
>particular registrar have been subverted. This is *probably* the
>registrar's fault.

Not necessarily.  There is a lot of domain slamming going on.  Some is 
being done by the Registrars themselves, other incidents are purely people 
finding exploits in the SRS.

I'm not familiar with the RFCs for the SRS; I've just followed the 
occasional argument over the lax security.  No doubt taking the time to 
read the SRS documents will allow anyone with enough brain to breach the 
security protocols, as they are reportedly rather lax.