Bugtraq mailing list archives
Re: Anyone can take over virtually any domain on the net...
From: rjohnson () TRIPWIRESECURITY COM (Russ Johnson)
Date: Thu, 13 Jan 2000 11:19:15 -0800
I've known for several years that it's possible to hijack a domain name that only uses an email address for authentication. In fact, it's possible to change the email address used by sending a message from another email address. I've done this (twice) with my own domain name, and helped a friend with that friends domain name when the "email address of record" was no longer available to me. My domain names are now protected with passwords, although, I don't think that's much more secure. I just haven't been able to prove it yet. Russ -----Original Message----- From: Thomas Reinke [mailto:reinke () E-SOFTINC COM] Sent: Tuesday, January 11, 2000 9:27 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Anyone can take over virtually any domain on the net... Wired recently ran an article on the fact that someone recently hijacked a number of domains in the Network Solutions database using email spoofing. At first I thought this had to be a joke. After thinking about it, I realized that its no joke at all, and in fact quite easy to do. Step 1: Send a spoofed email to Network solutions requesting a DNS change to your own DNS server. Step 2: Wait for a short while (the amount of time it normally takes Network Solutions to send out a confirmation email request) Step 3: Send a second spoofed email confirming the request. Step 4: Have your DNS server serve the new web server address from a new webserver with your own content. Network Solutions rep quoted in the wired article: "O'Shaughnessy pointed out that Network Solutions offers more secure services. Most accounts will not need the extra security he said, but in the age of e-commerce and more vital Web services, the onus is on the registrant to see that his domain is secure." Doesn't take too much rocket science to point out that other than the obvious flaws in insecure email, the fact that confirmations to make domain changes do not carry any sort of tracking number make it possible for spoofed email to confirm illegitimate requests. I think it might be appropriate for Network Solutions to add at least THAT much reliability into their confirmation scheme so that that kind of change couldn't occur in the future... BTW, Network Solution's instructions on changing the scheme to a userid and password based system doesn't work very well. We've attempted on several occasions to do this with no luck...thereby forcing on us the guardian scheme:( Cheers, Thomas -- ------------------------------------------------------------ Thomas Reinke Tel: (905) 331-2260 Director of Technology Fax: (905) 331-2504 E-Soft Inc. http://www.e-softinc.com
Current thread:
- Re: Anyone can take over virtually any domain on the net... Janos Zsako (Jan 13)
- <Possible follow-ups>
- Re: Anyone can take over virtually any domain on the net... Russ Johnson (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Ryan Russell (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Haight, Kristofer (Jan 13)
- Re: Anyone can take over virtually any domain on the net... Max Vision (Jan 14)
- Re: Anyone can take over virtually any domain on the net... BUGTRAQ () ROZZ COM (Jan 14)
- Re: Anyone can take over virtually any domain on the net... Bryan Fullerton (Jan 14)
- Re: Anyone can take over virtually any domain on the net... Homer Wilson Smith (Jan 15)
- [support_feedback () us-support external hp com: Security Bulletins Digest] Patrick Oonk (Jan 17)
- Security hole in mail2web web-based emailservice Patrick Oonk (Jan 17)
- Re: Anyone can take over virtually any domain on the net... Brian Mueller (Jan 17)
- Re: Anyone can take over virtually any domain on the net... root (Jan 14)