[Chapter-delegates] Fwd: Big holes in net's heart revealed

Patrick Vande Walle patrick at vande-walle.eu
Sun Apr 30 09:32:17 PDT 2006 

Dear all,

I see here a potential for a project associating ISOC and its chapters. 
I just tested (with http://www.dnsreport.com) how my local top ten sites
performed on the DNS side. The results were surprising: open, recursive
DNS servers, invalid glue records, etc., not to mention numerous
violations of RFCs on the SMTP side. I guess this is not specific to my
country.

ISOC chapters could render a good service to their local community by
testing the DNS servers of their community. This is not a new idea
actually. ISOC England did a similar project some years ago.

Based on the collected data, the chapter could:

- send a detailed report to each company it tested (and maybe gain an
org member in the process)
- send a statistical report to the local press, which generally likes
alarming headlines.

This would also help establish the local chapter as a reference for
Internet related issues.

The project itself would be to develop a common technical platform to
perform the tests and extracts the statistics.

Best regards

Patrick Vande Walle
ISOC Luxembourg


-------- Original Message --------
Subject: 	Big holes in net's heart revealed
Date: 	Sun, 30 Apr 2006 08:32:02 -0400
From: 	David Farber <dave at farber.net>
Reply-To: 	dave at farber.net
Newsgroups: 	lists.interesting-people
References: 	<70935544-E016-41F9-BD0D-619F652C3ECB at WARPSPEED.COM>



Something "well known" but not advertised till now. djf


Begin forwarded message:

From: Dewayne Hendricks <dewayne at WARPSPEED.COM>
Date: April 30, 2006 5:11:08 AM EDT
To: Dewayne-Net Technology List <dewayne-net at WARPSPEED.COM>
Subject: [Dewayne-Net] Big holes in net's heart revealed
Reply-To: dewayne at WARPSPEED.COM

  Big holes in net's heart revealed
By Mark Ward
Technology Correspondent, BBC News website

Simple attacks could let malicious hackers take over more than one- 
third of the net's sites, reveals research.

The finding was uncovered by researchers who analysed how the net's  
addressing system works.

They also found that if the simple attacks were combined with so- 
called denial-of-service attacks, 85% of the net becomes vulnerable  
to take-over.

The researchers recommended big changes to the net's addressing  
system to tackle the vulnerability at its heart.

Site seizing

When you visit a website, such as news.bbc.co.uk, your computer often  
asks one of the net's address books, or domain name servers, for  
information about where that site resides.

But the number of computers that have to be consulted to find the  
computers where that site is located often makes sites vulnerable to  
attack by vandals and criminals, found Assistant Professor Emin Gun  
Sirer and Venugopalan Ramasubramanian from the Department of Computer  
Science at Cornell University.

Professor Sirer told the BBC News website that, on average, 46  
computers holding different information about the components of net  
addresses are consulted to find out where each dotcom site is  
actually hosted.

But, he said, this chain of dependencies between the computers that  
look after the different parts of net addresses creates all kinds of  
vulnerabilities that clever hackers could easily exploit.

"The growth of the internet has caused these dependencies to emerge,"  
said Professor Sirer. "Instead of having to compromise one you can  
compromise any one of the three dozen."

All the information gathered and analysed by the researchers has to  
be publicly available to keep the net's addressing system working.  
The research analysed information about almost 600,000 computers.

The research also revealed that 17% of the servers that host the  
net's address books are vulnerable to attack via widely known exploits.

"Because of these dependencies about one-third of the net's names are  
trivially compromisable by script kiddies," he said.

One site vulnerable in this way was run by the FBI, said Professor.  
Sirer. Although the five computers that act as the first reference  
point for the fbi.gov domain were secure, one of the five that  
connect to these has yet to install a patch for a well-known bug.

That computer was fixed after the Cornell team reported its findings  
to the FBI, but hundreds of thousands of sites suffer from similar  
problems.

The most vulnerable net domain found by the survey was that of the  
Roman Catholic Church in the Ukraine.

Criminals such as phishing gangs would be interested in re-directing  
traffic from well-known sites so they can grab key login and personal  
details that would help them de-fraud web users.

[snip]

Story from BBC NEWS:
<http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4954208.stm>

Published: 2006/04/28 13:58:07 GMT

Weblog at: <http://weblog.warpspeed.com>



-------------------------------------
You are subscribed as patrick at isoc.lu
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20060430/2fb5a0e7/attachment.htm>

More information about the Chapter-delegates mailing list