[LINK] Web sites 'stolen' by hackers
Fri, 02 Jun 2000 16:50:25 +1000
> > I presume this means that the DNS can be subverted/hacked???
>If you're referring to the DNS servers, probably not. There *were* some
>DNS server hacks relating to service of domains, most notably by
>Kashpureff; and there *were* some holes in a popular implementation that
Eugene exploited a known vulnerability to which "authorities" (if they
For those that don't know, EK polluted the .COM primary server, changing
the A record for www.internic.net to point to www.alternic.net.
A rather extensive FBI hunt took place in the USA whilst EK hid himself in
Canada. I've still got emails from him back then where he explains he
isn't proud of the action, but NSI angered him so much with the flawed
policies at the time and the current increase of debate about how secure
and safe the DNS system was that he had to do it to prove the point.
Problem was he did it twice!
>allowed crackers to exploit DNS server software and gain access to
>machines - but nothing lately.
I'm currently investigating a recent incident that saw a set of DNS servers
very close to this mail list corrupted. It's not the first incident of
this kind reported, but to date no cause has been found. Reloading the
servers fixed the problem. Whatever it was. Traffic logs to date have not
shown anything, so it might just be an intermittent overflow bug in the
code somewhere that doesn't show up very often and isn't a really big issue.
> > the database where Internet addresses are reserved. Five days later,
> > the Web sites are still broken and the domain names are registered to
> > someone else. Both firms were likely victims of the third publicized
>Most likely, the processes involved in delegating a domain or server at a
>particular registrar have been subverted. This is *probably* the
Not necessarily. There is a lot of domain slamming going on. Some is
being done by the Registrars themselves, other incidents are purely people
finding exploits in the SRS.
I'm not familiar with the RFCs for the SRS, I've just followed the
occasional argument over the lax security. No doubt taking the time to
read the SRS documents will allow anyone with enough brain to breach the
security protocols as they are reportedly rather lax.