Alexandria, Va.
A federal judge last week ordered a man to temporarily stop rerouting end users trying to reach the Internet Network Information Center (InterNIC) Web site.
Eugene Kashpureff, who wants to compete with the InterNIC domain name registry, exploited a flaw in the Domain Name System (DNS) to redirect users to his own site. Many users trying to reach www.internic.net over the past few weeks instead found themselves staring at www.alternic.net, where Kashpureff peddles his own Internet addresses.
"We [were] protesting the recent InterNIC claim to ownership of .com, .org and .net, which they were supposed to be running in the public trust," Kashpureff said on his Web site. In an interview, Kashpureff said he thought the hack was legal.
But Network Solutions, Inc. (NSI), which runs InterNIC operations and claims it owns the .com name and database, went to court to stop the detour. NSI officials persuaded a judge here to grant a 10-day temporary restraining order and are exploring more permanent legal remedies. Sources said the FBI also is looking into the matter.
"Misdirecting people is unethical as hell, and it may be a civil issue," said Karl Denninger, who worked with Kashpureff to develop an alternative Internet domain system until they had a falling out a few months ago. He also runs MCSNet, a Chicago-based Internet service provider.
"If it was done to us, we'd pursue it on both civil and criminal levels, but I have no idea if we'd get anywhere," Denninger said.
How did he do it?
Kashpureff declined to say how he performed the hack.
"If it got around, the DNS would be broken," he said. "I could do things with this that would blow the world's mind."
But Denninger said Kashpureff simply took advantage of a flaw in older versions of DNS software.
Specifically, the hack occurred whenever someone looked up www.alternic.net or another address in which it was necessary to query one of Kashpureff's name servers for the IP number.
Along with the correct information, Kashpureff programmed his DNS servers to send along phony "additional records" linking www.internic.net to one of his own IP numbers.
Moreover, he set the records to expire after 60 days.
"Until that time elapses, once you get polluted, you will think that the IP number for www.internic.net is something other than what it really is," Denninger said. "Your name server doesn't know any better because it was deliberately fed bad information designed to trick you into going somewhere else."
He said the latest versions of DNS software toss out "additional records," but versions prior to 4.9.6 and 8.1.1 cache them instead. A large number of DNS servers still use older versions of the software.
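The caching behaviour Denninger describes can be modelled in a few lines. This is an added example, not code from the article or from any DNS software: it compares a cache that stores every additional record with one that drops additional records for names outside the zone the queried server answers for. That in-zone rule, the record layout, and the IP addresses (documentation range) are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str
    ip: str
    ttl: int  # seconds

SIXTY_DAYS = 60 * 24 * 3600

# Constructed response from a server for alternic.net (documentation-range IPs).
RESPONSE = {
    "zone": "alternic.net",  # zone the queried server answers for
    "answer": [Record("www.alternic.net", "192.0.2.10", 3600)],
    "additional": [
        Record("ns1.alternic.net", "192.0.2.53", 3600),        # related to the zone
        Record("www.internic.net", "192.0.2.10", SIXTY_DAYS),  # unrelated to the zone
    ],
}

def in_bailiwick(name, zone):
    """True only if name is the zone itself or a subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def cache_response(cache, response, now, check_bailiwick):
    """Cache the answer; cache additional records per policy. Returns dropped records."""
    for rec in response["answer"]:
        cache[rec.name.lower()] = (rec.ip, now + rec.ttl)
    dropped = []
    for rec in response["additional"]:
        if check_bailiwick and not in_bailiwick(rec.name, response["zone"]):
            dropped.append(rec)  # worth logging: server volunteered an off-zone name
            continue
        cache[rec.name.lower()] = (rec.ip, now + rec.ttl)
    return dropped

def lookup(cache, name, now):
    """Return the cached IP, or None on a miss or an expired entry."""
    entry = cache.get(name.lower())
    return entry[0] if entry and entry[1] > now else None

def demo(day=30):
    """Compare both policies `day` days after the response was cached."""
    legacy, hardened, now = {}, {}, day * 24 * 3600
    cache_response(legacy, RESPONSE, 0, check_bailiwick=False)
    dropped = cache_response(hardened, RESPONSE, 0, check_bailiwick=True)
    return (lookup(legacy, "www.internic.net", now),
            lookup(hardened, "www.internic.net", now),
            [r.name for r in dropped])
```

Thirty days after the response, the permissive cache still returns the bogus address for www.internic.net, while the filtering cache has no entry and would have to ask the real servers.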
Asked whether the hack was an effective protest or wound up damaging his own credibility, Kashpureff replied: "Both."