Federal Register/Vol. 63, No. 111/Wednesday, June 10, 1998


Federal Register / Vol. 63, No. 111 / Wednesday, June 10, 1998 / Notices 31741

differences of juvenile fish as they pass downstream through Lake Pateros and Wells Dam. For modification 1, PUD GC requests an increase in the take of juvenile, endangered, UCR steelhead associated with a study designed to inventory fish species in Wells reservoir on the Columbia River. ESA-listed fish are proposed to be observed by SCUBA divers or collected in beach seines, anesthetized, examined, allowed to recover, and released. Modification 1 is requested to be valid for the duration of the permit. Permit 1116 expires on December 31, 2002.

Dated: June 4, 1998.
Patricia A. Montanio,
Deputy Director, Office of Protected Resources, National Marine Fisheries Service.
[FR Doc. 98-15439 Filed 6-9-98; 8:45 am]
BILLING CODE 3510-22-F

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration

[Docket Number: 980212036-8146-02]

Management of Internet Names and Addresses

AGENCY: National Telecommunications and Information Administration, Commerce.

ACTION: Statement of policy.

SUMMARY: On July 1, 1997, as part of the Clinton Administration's Framework for Global Electronic Commerce,1 the President directed the Secretary of Commerce to privatize the domain name system (DNS) in a manner that increases competition and facilitates international participation in its management.

Accordingly, on July 2, 1997, the Department of Commerce issued a Request for Comments (RFC) on DNS administration. The RFC solicited public input on issues relating to the overall framework of the DNS administration, the creation of new top-level domains, policies for domain name registrars, and trademark issues. During the comment period, more than 430 comments were received, amounting to some 1500 pages.2

On January 30, 1998, the National Telecommunications and Information Administration (NTIA), an agency of the Department of Commerce, issued for comment, A Proposal to Improve the Technical Management of Internet Names and Addresses. The proposed rulemaking, or "Green Paper," was published in the Federal Register on February 20, 1998, providing opportunity for public comment. NTIA received more than 650 comments, as of March 23, 1998, when the comment period closed.3

The Green Paper proposed certain actions designed to privatize the management of Internet names and addresses in a manner that allows for the development of robust competition and facilitates global participation in Internet management. The Green Paper proposed for discussion a variety of issues relating to DNS management including private sector creation of a new not-for-profit corporation (the "new corporation") managed by a globally and functionally representative Board of Directors.

EFFECTIVE DATE: This general statement of policy is not subject to the delay in effective date required of substantive rules under 5 U.S.C. § 553(d). It does not contain mandatory provisions and does not itself have the force and effect of law.4 Therefore, the effective date of this policy statement is June 10, 1998.

FOR FURTHER INFORMATION CONTACT: Karen Rose, Office of International Affairs (OIA), Rm 4701, National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce, 14th and Constitution Ave., NW, Washington, DC., 20230. Telephone: (202) 482-0365. E-mail: [email protected]

Authority: 15 U.S.C. 1512; 15 U.S.C. 1525; 47 U.S.C. 902(b)(2)(H); 47 U.S.C. 902(b)(2)(I); 47 U.S.C. 902(b)(2)(M); 47 U.S.C. 904(c)(1).

SUPPLEMENTARY INFORMATION:

Background

Domain names are the familiar and easy-to-remember names for Internet computers (e.g., "www.ecommerce.gov"). They map to unique Internet Protocol (IP) numbers (e.g., 98.37.241.30) that serve as routing addresses on the Internet. The domain name system (DNS) translates Internet names into the IP numbers needed for transmission of information across the network.

U.S. Role in DNS Development

More than 25 years ago, the U.S. Government began funding research necessary to develop packet-switching technology and communications networks, starting with the "ARPANET" network established by the Department of Defense's Advanced Research Projects Agency (DARPA) in the 1960s. ARPANET was later linked to other networks established by other government agencies, universities and research facilities. During the 1970s, DARPA also funded the development of a "network of networks;" this became known as the Internet, and the protocols that allowed the networks to intercommunicate became known as Internet protocols (IP).

As part of the ARPANET development work contracted to the University of California at Los Angeles (UCLA), Dr. Jon Postel, then a graduate student at the university, undertook the maintenance of a list of host names and addresses and also a list of documents prepared by ARPANET researchers, called Requests for Comments (RFCs). The lists and the RFCs were made available to the network community through the auspices of SRI International, under contract to DARPA and later the Defense Communication Agency (DCA) (now the Defense Information Systems Agency (DISA)) for performing the functions of the Network Information Center (the NIC).

After Dr. Postel moved from UCLA to the Information Sciences Institute (ISI) at the University of Southern California (USC), he continued to maintain the list of assigned Internet numbers and names under contracts with DARPA. SRI International continued to publish the lists. As the lists grew, DARPA permitted Dr. Postel to delegate additional administrative aspects of the list maintenance to SRI, under continuing technical oversight. Dr. Postel, under the DARPA contracts, also published a list of technical parameters that had been assigned for use by protocol developers. Eventually these functions collectively became known as the Internet Assigned Numbers Authority (IANA).

Until the early 1980s, the Internet was managed by DARPA, and used primarily for research purposes. Nonetheless, the task of maintaining the name list became onerous, and the Domain Name System (DNS) was developed to improve the process. Dr. Postel and SRI participated in DARPA's development and establishment of the technology and practices used by the DNS. By 1990, ARPANET was completely phased out.

1 Available at <http://www.ecommerce.gov>.
2 July 2, 1997 RFC and public comments are located at: <http://www.ntia.doc.gov/ntiahome/domainname/index.html>.
3 The RFC, the Green Paper, and comments received in response to both documents are available on the Internet at the following address: <http://www.ntia.doc.gov>. Additional comments were submitted after March 23, 1998. These comments have been considered and treated as part of the official record and have been separately posted at the same site, although the comments were not received by the deadline established in the February 20, 1998 Federal Register Notice.
4 See Administrative Law Requirements at p. 19.

31742 Federal Register / Vol. 63, No. 111 / Wednesday, June 10, 1998 / Notices

The National Science Foundation (NSF) has statutory authority for supporting and strengthening basic scientific research, engineering, and educational activities in the United States, including the maintenance of computer networks to connect research and educational institutions. Beginning in 1987, IBM, MCI and Merit developed NSFNET, a national high-speed network based on Internet protocols, under an award from NSF. NSFNET, the largest of the governmental networks, provided a "backbone" to connect other networks serving more than 4,000 research and educational institutions throughout the country. The National Aeronautics and Space Administration (NASA) and the U.S. Department of Energy also contributed backbone facilities.

In 1991-92, NSF assumed responsibility for coordinating and funding the management of the non-military portion of the Internet infrastructure. NSF solicited

today's vibrant World Wide Web. This type of pioneering Internet research and development continues in cooperative organizations and consortia throughout the world.

DNS Management Today

In recent years, commercial use of the Internet has expanded rapidly. As a legacy, however, major components of the domain name system are still performed by, or subject to, agreements with agencies of the U.S. Government.

(1) Assignment of numerical addresses to Internet users.

Every Internet computer has a unique IP number. IANA, headed by Dr. Jon Postel, coordinates this system by allocating blocks of numerical addresses to regional IP registries (ARIN in North America, RIPE in Europe, and APNIC in the Asia/Pacific region), under contract with DARPA. In turn, larger Internet service providers apply to the regional

The U.S. Government plays a role in the operation of about half of the Internet's root servers. Universal name consistency on the Internet cannot be guaranteed without a set of authoritative and consistent roots. Without such consistency messages could not be routed with any certainty to the intended addresses.

(4) Protocol Assignment.

The Internet protocol suite, as defined by the Internet Engineering Task Force (IETF), contains many technical parameters, including protocol numbers, port numbers, autonomous system numbers, management information base object identifiers and others. The common use of these protocols by the Internet community requires that the particular values used in these fields be assigned uniquely. Currently, IANA, under contract with DARPA, makes these assignments and maintains a registry of the assigned