[dnssec-deployment] Fwd: [IP] Good Always Comes Out of Bad
Steve Crocker
steve at shinkuro.com
Sun Jun 29 10:48:31 EDT 2008
Good point! Yes, if ICANN were signing its zones, and if validators
were checking signatures, then bogus NS records would have been
detected and discarded. The zone might have gone dark, but false
entries would have been ignored.
Steve
On Jun 29, 2008, at 10:35 AM, Ralph Droms wrote:
> Does anyone on this list have the details of the attack described
> below?
>
> Is it an attack that could have been mitigated by dnssec? Are
> there other ways in which the attack could be mitigated?
>
> I'm wondering if this attack can be used to promote the need for
> dnssec deployment.
>
> - Ralph
>
>
> Begin forwarded message:
>
>> From: David Farber <dave at farber.net>
>> Date: June 29, 2008 8:43:13 AM EDT
>> To: "ip" <ip at v2.listbox.com>
>> Subject: [IP] Good Always Comes Out of Bad
>> Reply-To: dave at farber.net
>>
>>
>> ________________________________________
>> From: bobr at bobrosenberg.phoenix.az.us
>> [bobr at bobrosenberg.phoenix.az.us]
>> Sent: Saturday, June 28, 2008 7:34 PM
>> To: David Farber
>> Subject: ISC: Good Always Comes Out of Bad
>>
>> Dave
>>
>> Perhaps for I.P.
>>
>> This item comes from the Internet Storm Center run by sans.org.
>>
>> Bob
>>
>>
>> Good Always Comes Out of Bad
>> Published: 2008-06-28,
>> Last Updated: 2008-06-28 20:12:37 UTC
>> by Lorna Hutcheson (Version: 1)
>> http://isc.sans.org/diary.html?storyid=4637
>>
>>
>> In the past couple of days, reports have surfaced on the hijacking
>> of the domains
>> for ICANN and IANA attributed to the group NetDevilz. According
>> to news articles,
>> an ICANN spokesman stated they were unaware of the events. The
>> total time for the
>> redirection before the entry was corrected was about twenty
>> minutes. However it
>> will take 24 to 48 hours after the correction to ensure all the
>> DNS entries are
>> updated. In that time, users were redirected to a site that
>> stated the following:
>>
>> “You think that you control the domains but you don’t! Everybody
>> knows wrong. We
>> control the domains including ICANN! Don’t you believe us? haha :)
>> (Lovable Turkish
>> hackers group)”
>>
>> What triggered the changing of the DNS entries has not been
>> disclosed that I have
>> found. Dancho Danchev's blog shows an email address listed in the
>> updated records
>> and note the email address in the entry called
>> "foricann1230 at gmail.com" as well as
>> the date they were updated as June 26. Regardless of how it
>> happened (though I'm
>> sure everyone would like to know) there is a big concern here.
>> Nothing on the
>> internet is safe and if this can happen to these folks, it can
>> happen to anyone.
>>
>> It is events such as this that make me more determined to stay a
>> hard nose when it
>> comes to security and protecting the
>> organization I am supporting. These events actually do have good
>> that comes out of
>> them. I always print out these articles and do a screenshot of
>> the article and save
>> it to a file with the url of where I got it. I can then add them
>> to a presentation
>> and also use them as pass arounds during a presentation or simply
>> highlight key points
>> and discuss them with the group. It is very useful to show to
>> management that the
>> threat is real and we can't let our guard down. As managers and
>> users alike, they
>> don't understand security, the threats, how they work and the
>> dangers that are
>> lurking on the Internet. It's hard for management to understand
>> why your security
>> officer sounds like a paranoid lunatic and wants more money for
>> security:>) Doing
>> this has really helped me to get their attention and to justify
>> the funding to help
>> plus up weak points in our security posture.
>>
>> So, take advantage of events that have high publicity such as
>> these, include them in
>> reports to your management and use them to help educate people.
>> Even though the bad
>> guys may have gained an inch, let's use it against them to gain a mile in
>> the world of
>> security. We can do this by learning from it and working to use it
>> to increase
>> awareness and move our own security posture forward.
>>