[Chapter-delegates] Fwd: Big holes in net's heart revealed
Christian de Larrinaga
cdel at firsthand.net
Tue May 2 01:10:43 PDT 2006
Yes in 2000 for .uk zones. I think it was found that about 75% had
errors but most of these were not critical, although some were major
potential problems. DNS and other infrastructure health initiatives
are worth doing but they are a lot of work. There are also commercial
providers working in this area (competing) and it also has to be
mentioned that it can get controversial when an ISP's DNS servers are
found wanting let alone those of a ccTLD registry (which is not
uncommon).
I took this to about 40 ccTLDs over a couple of years and it was
useful in generating awareness for these services to keep an eye on
how their infrastructure is working. I also checked out the key
financial and government institutions in the UK as they are major
points of vulnerability. This led to some private phone calls having
to be made rather than a mass press release.
I'm happy to talk through this if people want to look into this further.
Christian
Christian de Larrinaga
network brokers ltd
On 30 Apr 2006, at 17:32, Patrick Vande Walle wrote:
> Dear all,
>
> I see here a potential for a project associating ISOC and its
> chapters. I just tested (with http://www.dnsreport.com) how my
> local top ten sites performed on the DNS side. The results were
> surprising: open, recursive DNS servers, invalid glue records,
> etc., not to mention numerous violations of RFCs on the SMTP side.
> I guess this is not specific to my country.
>
> ISOC chapters could render a good service to their local community
> by testing the DNS servers of their community. This is not a new
> idea actually. ISOC England did a similar project some years ago.
>
> Based on the collected data, the chapter could:
>
> - send a detailed report to each company it tested (and maybe gain
> an org member in the process)
> - send a statistical report to the local press, which generally
> likes alarming headlines.
>
> This would also help establish the local chapter as a reference for
> Internet related issues.
>
> The project itself would be to develop a common technical platform
> to perform the tests and extract the statistics.
>
> Best regards
>
> Patrick Vande Walle
> ISOC Luxembourg
>
>
> -------- Original Message --------
> Subject: Big holes in net's heart revealed
> Date: Sun, 30 Apr 2006 08:32:02 -0400
> From: David Farber <dave at farber.net>
> Reply-To: dave at farber.net
> Newsgroups: lists.interesting-people
> References: <70935544-E016-41F9-BD0D-619F652C3ECB at WARPSPEED.COM>
>
>
> Something "well known" but not advertised till now. djf
>
> Begin forwarded message:
>
> From: Dewayne Hendricks <dewayne at WARPSPEED.COM>
> Date: April 30, 2006 5:11:08 AM EDT
> To: Dewayne-Net Technology List <dewayne-net at WARPSPEED.COM>
> Subject: [Dewayne-Net] Big holes in net's heart revealed
> Reply-To: dewayne at WARPSPEED.COM
>
> Big holes in net's heart revealed
> By Mark Ward
> Technology Correspondent, BBC News website
>
> Simple attacks could let malicious hackers take over more than
> one-third of the net's sites, reveals research.
>
> The finding was uncovered by researchers who analysed how the net's
> addressing system works. They also found that if the simple attacks
> were combined with so-called denial-of-service attacks, 85% of the
> net becomes vulnerable to take-over.
>
> The researchers recommended big changes to the net's addressing
> system to tackle the vulnerability at its heart.
>
> Site seizing
>
> When you visit a website, such as news.bbc.co.uk, your computer
> often asks one of the net's address books, or domain name servers,
> for information about where that site resides.
>
> But the number of computers that have to be consulted to find the
> computers where that site is located often makes sites vulnerable
> to attack by vandals and criminals, found Assistant Professor Emin
> Gun Sirer and Venugopalan Ramasubramanian from the Department of
> Computer Science at Cornell University.
>
> Professor Sirer told the BBC News website that, on average, 46
> computers holding different information about the components of net
> addresses are consulted to find out where each dotcom site is
> actually hosted.
>
> But, he said, this chain of dependencies between the computers that
> look after the different parts of net addresses creates all kinds
> of vulnerabilities that clever hackers could easily exploit.
>
> "The growth of the internet has caused these dependencies to
> emerge," said Professor Sirer. "Instead of having to compromise one
> you can compromise any one of the three dozen."
>
> All the information gathered and analysed by the researchers has to
> be publicly available to keep the net's addressing system working.
> The research analysed information about almost 600,000 computers.
>
> The research also revealed that 17% of the servers that host the
> net's address books are vulnerable to attack via widely known
> exploits.
>
> "Because of these dependencies about one-third of the net's names
> are trivially compromisable by script kiddies," he said.
>
> One site vulnerable in this way was run by the FBI, said Professor
> Sirer. Although the five computers that act as the first reference
> point for the fbi.gov domain were secure, one of the five that
> connect to these has yet to install a patch for a well-known bug.
>
> That computer was fixed after the Cornell team reported its
> findings to the FBI, but hundreds of thousands of sites suffer from
> similar problems.
>
> The most vulnerable net domain found by the survey was that of the
> Roman Catholic Church in the Ukraine.
>
> Criminals such as phishing gangs would be interested in
> re-directing traffic from well-known sites so they can grab key
> login and personal details that would help them de-fraud web users.
>
> [snip]
>
> Story from BBC NEWS:
> <http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4954208.stm>
> Published: 2006/04/28 13:58:07 GMT
>
> Weblog at: <http://weblog.warpspeed.com>
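
The chain of dependencies described in the forwarded BBC article can be measured from public delegation data, which is the kind of check a shared DNS health platform would run. The following is an added example, not part of the original thread or of the Cornell study; the zone names, nameserver names and the flagged server are constructed, and it simplifies real resolution by ignoring glue records and the root and TLD servers.

```python
# Constructed delegation data (reserved example names, not measurements):
# zone -> hostnames of its authoritative nameservers.
DELEGATIONS = {
    "example.org": ["ns1.example.org", "ns2.hoster.example.net"],
    "hoster.example.net": ["ns1.hoster.example.net", "ns.backup.example.com"],
    "backup.example.com": ["ns.backup.example.com"],
    "example.edu": ["ns1.example.edu", "ns2.example.edu"],
}
# Constructed audit result: servers that failed a health check
# (for instance, missing a vendor patch).
FLAGGED = {"ns.backup.example.com"}


def ancestor_zones(name, delegations):
    """Zones in the data set that must answer while resolving `name`."""
    labels = name.rstrip(".").lower().split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return [zone for zone in suffixes if zone in delegations]


def dependency_set(name, delegations):
    """All nameservers that resolving `name` can transitively rely on."""
    seen, stack = set(), [name]
    while stack:
        for zone in ancestor_zones(stack.pop(), delegations):
            for ns in delegations[zone]:
                if ns not in seen:      # also guards against delegation cycles
                    seen.add(ns)
                    stack.append(ns)    # the server's own name must resolve too
    return seen


def audit(name, delegations, flagged):
    """Split flagged servers into those listed for the zone and those inherited."""
    direct = {ns for zone in ancestor_zones(name, delegations)
              for ns in delegations[zone]}
    deps = dependency_set(name, delegations)
    return {
        "servers": len(deps),
        "direct": sorted(direct & flagged),
        "indirect": sorted((deps - direct) & flagged),
    }


if __name__ == "__main__":
    for site in ("www.example.org", "www.example.edu"):
        print(site, audit(site, DELEGATIONS, FLAGGED))
```

In the constructed data, `www.example.org` lists two healthy servers of its own yet inherits a flagged one through its secondary's hosting provider, which is the pattern the article reports for fbi.gov.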