Re: [IDNO-DISCUSS] ICANN web site hacked

Joe Abley (jabley@patho.gen.nz)
Sun, 4 Jul 1999 03:52:02 +1200


Hi,

In case anybody is interested in this,

+ ICANN's web page was not directly disrupted

+ NSI's web page was effectively redirected to ICANN's, causing an
abnormally large load on ICANN's servers.

There has been much speculation as to how the redirection was effected,
focussing initially on some of the exotic vulnerabilities in the DNS
protocol. However, George Herbert of CRL posted this to the NANOG list:

> My sources are confirming it was a glue record
> issue... someone did the rough equivalent of putting in a new
> domain registration with servers WWW.NETWORKSOLUTIONS.NET and
> WWW.NETSOL.NET as their nameservers, but with the IPs of the
> real ICANN webservers. The problem is that the nameserver
> entries and glue records in general aren't sanity checked
> (or weren't before today). The real solution eventually
> has to be some sort of requested nameserver forward lookup IP
> match confirmation prior to accepting a nameserver record in
> new/change applications; if nameserver FOO.BAR.COM is listed
> on an application and its IP is listed as 123.4.5.6 but
> nslookup foo.bar.com shows it at 78.9.10.11 then the
> application should be held until the discrepancy is
> resolved properly.
>
> I remember suggesting this to Mark Kosters in, oh, April 1993?

So, in other words, bogus records for the web servers concerned were
introduced high into the nameserver hierarchy, leading these records
to be returned to clients. Hence NSI's web servers were redirected
for large sections of the internet.

Joe

On Sat, Jul 03, 1999 at 02:04:14PM +1200, Joop Teernstra wrote:
> I just got this from ICANN announce:
>
> FOR IMMEDIATE RELEASE
>
> INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS (ICANN) STATEMENT ON
> HACKING OF NETWORK SOLUTIONS' SERVERS
>
> Marina Del Rey, CA (July 2, 1999) - For several hours earlier today, access
> to the server which hosts the ICANN Web site was disrupted. The information
> on ICANN's Web site is administrative in nature and was not damaged.
>
> We have since been made aware of a concerted effort to tamper with some of
> the servers currently operated by Network Solutions, Inc. of Herndon,
> Virginia. The incident, which is potentially criminal, has been referred to
> the appropriate law enforcement officials. An investigation into the source
> of the attack, and the manner in which it was carried out, is currently
> underway. While there is no evidence that the servers under its control
> have been harmed, ICANN is taking the appropriate measures to protect its
> equipment located at the Information Sciences Institute of the University of
> Southern California.
>
> ICANN condemns this action as an attempt to undermine the stability of the
> domain name system and will cooperate fully with any investigation into the
> matter.
>
> About ICANN:
> The Internet Corporation for Assigned Names and Numbers (ICANN) is the new
> non-profit corporation that was formed to take over responsibility for the
> IP address space allocation, protocol parameter assignment, domain name
> system management, and root server system management functions now performed
> under U.S. Government contract by IANA and other entities.
>
> Contact: Joe Sheffo
> Alexander Ogilvy Public Relations Worldwide
> 415-923-1660
> jsheffo@alexanderogilvy.com
>
> --Joop Teernstra LL.M.-- , bootstrap of
> the Cyberspace Association,
> the constituency for Individual Domain Name Owners
> http://www.idno.org
> -
> This message was sent via the IDNO-DISCUSS mailing list. To unsubscribe,
> send a message containing the line "unsubscribe idno-discuss" to
> majordomo@idno.org. For more information, see http://www.idno.org/
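The forward-lookup match proposed in the quoted NANOG post, sketched as an added example that is not part of the original messages or of any registry's code: each nameserver listed on an application is resolved and the application is held when the claimed IP is not among the published addresses. The function names, the stub resolver and the sample records are hypothetical and constructed for illustration; the FOO.BAR.COM values are the ones from the quoted post.

```python
import ipaddress
import socket

def system_resolver(host):
    """Forward lookup through the OS resolver; empty set if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone id ("%eth0") so the address parses cleanly.
    return {info[4][0].split("%")[0] for info in infos}

# Constructed sample data standing in for live DNS, using the host and
# addresses from the quoted example plus documentation-range values.
SAMPLE_DNS = {
    "foo.bar.com": {"78.9.10.11"},
    "ns1.example.net": {"192.0.2.53"},
}

def sample_resolver(host):
    """Offline stand-in for a resolver (hypothetical helper)."""
    return SAMPLE_DNS.get(host, set())

def check_application(nameservers, resolve=system_resolver):
    """nameservers: iterable of (hostname, claimed_ip) from a new/change application.
    Returns (decision, findings) where decision is "hold" or "accept"."""
    findings = []
    for host, claimed in nameservers:
        name = host.rstrip(".").lower()
        try:
            claimed_ip = ipaddress.ip_address(claimed)
        except ValueError:
            findings.append((name, claimed, "invalid"))
            continue
        published = {ipaddress.ip_address(a) for a in resolve(name)}
        if not published:
            # Assumption: a name with no forward record yet (e.g. a brand-new
            # in-domain nameserver) cannot be compared, so it is only flagged.
            findings.append((name, claimed, "unresolved"))
        elif claimed_ip not in published:
            findings.append((name, claimed, "mismatch"))
    hold = any(status in ("mismatch", "invalid") for _, _, status in findings)
    return ("hold" if hold else "accept"), findings

if __name__ == "__main__":
    print(check_application([("FOO.BAR.COM", "123.4.5.6")], resolve=sample_resolver))
```
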