Bugtraq mailing list archives
Re: The out-of-domain NS registration attack
From: djb () CR YP TO (D. J. Bernstein)
Date: Mon, 20 Mar 2000 12:20:36 -0000
dgover () cindy hol gr writes:
When you specify ns1.jsnet.com as an NS for your domain, the IP address NSI already holds for this hostname is used.
As I said before, NSI isn't holding an IP address for this name. On the other hand, as David Terrell pointed out, NSI won't accept ns1.jsnet.com host information except from the jsnet.com contact, so my example does not work as stated. NSI will still accept host information outside *.com, *.net, and *.org; I've registered crypto.gov, for example, as you can see from whois. Fortunately, NSI has stopped providing glue for NS names of this type. So my current impression is that NSI is immune to this attack. However, at least two country TLDs are vulnerable. A simple solution, as described in my previous message, is for the registries to automatically replace out-of-domain NS names with in-domain NS names. I categorically recommend this strategy for all new registries. Furthermore, NSI's host-registration process still allows massive abuse. An attacker can register host names under all the IP addresses for a newly assigned network, preventing the legitimate users from setting up their own name servers. A bunch of attackers doing this for fun could cause endless hassle for NSI and its new registrants. Fix: Scrap the bogus requirement that different names have different IP addresses. ---Dan
Current thread:
- The out-of-domain NS registration attack D. J. Bernstein (Mar 13)
- Re: The out-of-domain NS registration attack David Terrell (Mar 14)
- Re: The out-of-domain NS registration attack David, Gover (Mar 15)
- Re: The out-of-domain NS registration attack D. J. Bernstein (Mar 20)
- Last call for paper - Raid 2000 - Deadline is March 31st Herve Debar (Mar 21)
- <Possible follow-ups>
- Re: The out-of-domain NS registration attack Sanford Whiteman (Mar 17)
- Re: The out-of-domain NS registration attack Chris Adams (Mar 20)