(12) United States Patent (10) Patent No.: US 7,136,932 B1 Schneider (45) Date of Patent: Nov


US007136932B1

(12) United States Patent
     Schneider
(10) Patent No.: US 7,136,932 B1
(45) Date of Patent: Nov. 14, 2006

(54) FICTITIOUS DOMAIN NAME METHOD, PRODUCT, AND APPARATUS

(76) Inventor: Eric Schneider, 13944 Cedar Rd. #258, University Heights, OH (US) 44118

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/532,500

(22) Filed: Mar. 21, 2000

Related U.S. Application Data

(60) Provisional application No. 60/175,825, filed on Jan. 13, 2000, provisional application No. 60/160,125, filed on Oct. 18, 1999, provisional application No. 60/157,075, filed on Oct. 1, 1999, provisional application No. 60/143,859, filed on Jul. 15, 1999, provisional application No. 60/135,751, filed on May 25, 1999, provisional application No. 60/130,136, filed on Apr. 20, 1999, provisional application No. 60/125,531, filed on Mar. 22, 1999.

(51) Int. Cl. G06F 5/16 (2006.01)
(52) U.S. Cl.: 709/245; 709/223; 709/222; 709/217
(58) Field of Classification Search: 709/245, 709/220, 223, 222, 217. See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
3. A ck 3. E. Ele- - - - - - - - -r 395/200.5
5 si3.776 A 9, 1998 sign et al.
6,009,459 A      12/1999   Belfiore et al.
6,151,624 A *    11/2000   Teare et al.   709/217
6,182,148 B1     1/2001    Tout           709/245
6,314,469 B1 *   11/2001   Tan et al.     709/245
6,338,082 B1 *   1/2002    Schneider      709/203
6,430,623 B1 *   8/2002    Alkhatib       709/245
6,678,717 B1 *   1/2004    Schneider      709/203
6,836,805 B1 *   12/2004   Cook           709/245
2002/0073233 A1  6/2002    Gross          709/245

FOREIGN PATENT DOCUMENTS
WO   WO 9922488 A2   5/1999
WO   WO 9939275 A1   8/1999

OTHER PUBLICATIONS
Statement of the policy oversight committee, The Economic Structure of Internet Generic Top-Level Domain Name Registries Analysis and Recommendation, Jul. 23, 1998.
Berners-Lee T., "RFC 1630: Universal Resource Identifiers in WWW A Unifying Syntax for the Expression of Names and Addresses of Objects on the Network as used in the World-Wide Web", IETF, Jun. 1994, <http://www.facs.org/rfcs/rfc1630.html>.
Mockapetris P., "RFC 1035: Domain Names—Implementation and Specification", IETF, Nov. 1987, <http://www.facs.org/rfcs/rfc1035.html>.
Harrenstien K., Stahl M., and Feinler E., "RFC 954: Nicname/Whois", IETF, Oct. 1985, <http://www.facs.org/rfcs/rfe954.html>.
Crowe, Robert, "The Telephone Exchange Name Project", Web Site (1998), from <http://ourwebhome.com/TENP/TENproject.html>.
NTIA-DOC, "Improvement of Technical Management of Internet Names and Addresses", Federal Register V63 N34, Feb. 20, 1998, from <http://www.ntia.doc.gov/ntiahome/domainname/022098fedreg.htm>.
NTIA-DOC, "RFC on the enhancement of the us Domain Space", Aug. 4, 1998, from <http://www.ntia.doc.gov/ntiahome/domainname/usrfc/dotusrfc.htm>.
Wired News Report, "The Postal Proposal", Wired News, May 8, 1999, from <http://www.wired.com/news/technology/0,1282,13130,00.html>.
Wired News Report, "Deep Space Web?", Wired News, Jul. 22, 1999, from <http://www.wired.com/news/technology/0,1282,13909,00.html>.
Oakes, Chris, "Internet Keywords Patent Spat", Wired News, Jul. 22, 1999, from <http://www.wired.com/news/technology/0,1282,13892,00.html>.
* cited by examiner

Primary Examiner: Jason Cardone
Assistant Examiner: Adnan Mirza

(57) ABSTRACT

When a network resource request having a domain name is received, it can be determined whether the domain name is a fictitious domain name (FDN). For instance, the highest level domain (HLD) of a domain name that is determined not resolvable is called a top level domain alias (TLDA) and such a domain name is a FDN having a TLDA. Rather than displaying an error message upon determining that a domain name is (fictitious) a FDN, instead a URL having a resolvable domain name can be generated. Content if any, may then be located, presented, displayed, notified, and/or accessed accordingly. For example, the autoSearch feature of a web browser can be enabled to provide further resolution processing by generating and/or resolving a resolvable domain name upon detecting a FDN from a received domain name.

56 Claims, 31 Drawing Sheets

[Front-page drawing: Client and Server blocks connected through Network/Internet]

U.S. Patent, Nov. 14, 2006, Sheets 1 to 31 of 31, US 7,136,932 B1

[Sheet 1 of 31: Server blocks and Network/Internet]

[Sheet 2 of 31, Fig. 1b: browser window with Bookmark, Reload, Home and Print controls, Location Field, and Web page content]

[Sheet 3 of 31, Fig. 1c: Information records; Authorization database; Name translation database; Postal Code database; Name tracking database; TLD database; Name reservation database; Database of potential registrants including profile data; Processor]

[Sheet 6 of 31, Fig. 3: flowchart. From 226; "Domain name valid?" (No: To 218); "Process as Search request"; "Compare HLD to TLDs"; "HLD resolvable?"; browser error message "Domain name is not valid. Select link to learn more about proper domain name syntax."; "Process fictitious domain name having a TLDA"; To 242 "URI resolvable?"]

[Sheet 11 of 31, Fig. 7: CONFIGURATION SETTINGS panel. Headings: Calculate ALL, Port Aliasing, Calculate TLD, Process Postal Code, Choose TLD, Redirect URI. Option labels: On, Off, Prompt User, Convert to ccTLD, Search Request, Enter Default (COM), Select from list, Replace TLDA, Ignore TLDA, Rotate TLDA, Make path from TLDA]

[Sheet 15 of 31, Fig. 10b]

[Sheet 16 of 31, Fig. 10c: flowchart, "Process TLDA as a postal code". From 646; "Retrieve corresponding subdomains based on postal code?"; "TLDA a ccTLD from postal code database"; "Generate all possible URIs from input and subdomain retrieval"; "Filter for all unavailable URIs"; "Only one resolvable URI?"; "Notify/Access/Display results if any"; "Generate and display web page of hyperlinks for all available URIs"; To 222]

Fig. 13 (Sheet 19 of 31): Location Field entries and URIs, in the order they appear in the drawing
1   example.com   http://www.example.com:80/index.html   www.example.com   http://www.example.com
    example.company   http://example.com   http://company.example.com   http://example.company.com   http://example.com/company/index.html   http://example.com/example.company/   http://example.com/example/company/   http://example.com/pany/index.html
3   free.love:to   http://free.to   http://love.free.to   http://free.love.to   http://free.to/love
    800.555.1212   http://www.1212.800.555.com
5   http://example.44106   http://example.cleveland.oh.us   http://example.44106:us
6   foo@bar.company   mailto:foo@bar.com

[Sheet 20 of 31, Fig. 14a: flowchart, "Retrieve resolvable TLD from registry to generate valid URI". From 420; "Generate a valid URI from registry?" (Yes); "Retrieve from Registry resolvable TLD for matching record of registered name"; "Generate a valid URI from input and retrieved TLD"; To 242 "URI resolvable?"]

[Sheet 23 of 31, Fig. 16: flowchart, "Retrieve component data to generate valid URI". From 420; "Generate valid URI from registry?" (Yes); "Retrieve from database resolution method, TLD, and component data for matching record of registered name"; "Generate a URI having a resolvable TLD from input based on resolution method, TLD, and component data"; To 242 "URI resolvable?"]

[Sheet 25 of 31: flowchart. From 212; "Update input history"; "Redirect"]
Recommended publications
  • The ISP Column What's in a Name?
    The ISP Column
    A monthly column on things Internet
    Geoff Huston, December 2015
    What's in a Name?

    What's in a name? that which we call a rose / By any other name would smell as sweet; (Romeo and Juliet, Act II, Scene II)

    What's the difference between .local and .here? Or between .onion and .apple? All four of these labels are capable of being represented in the Internet's Domain Name System as generic Top Level Domains (gTLDs), but only two of these are in fact delegated names. The other two, .local and .onion, not only don't exist in the delegated name space, but by virtue of a registration in the IANA's Special Use Domain Name registry (http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml), these names cannot exist in the conventional delegated domain name space. It seems that the Internet does not have a single coherent name space, but has a number of silent and unsignalled fracture lines, and instead of being administered by a single administrative body there are a number of folk who appear to want to have a hand on the tiller! Let's look at the domain name space and try and gain some insight as to how we've managed to get ourselves into this somewhat uncomfortable position.

    A Brief History of the DNS
    A good place to start is probably RFC 920, authored by Jon Postel and Joyce Reynolds, and published October 1984. The name space was divided by a small set of so-called Top Level Domains, with a temporary name of .arpa, the category-based names of .com, .edu, .gov, .mil and .org, as well as the collection of two-letter country codes as administered by the Internet Standards Organization and published as ISO-3166.
  • Top Five DNS Security Attack Risks and How to Avoid Them How to Effectively Scale, Secure, Manage, and Protect Your DNS Table of Contents
    WHITEPAPER
    Top Five DNS Security Attack Risks and How to Avoid Them
    How to Effectively Scale, Secure, Manage, and Protect Your DNS

    Table of Contents
    Executive Overview
    DNS Attacks Are on the Rise
    External Name Server Basics
    DNS Security Flaws and Management Challenges
    Aren't General-Purpose Computers Good Enough for DNS?
    Securing Your DNS Infrastructure and Applications
    The Infoblox Approach to DNS Security
    Benefits of Purpose-Built Appliances
    Conclusion

    Executive Overview
    Cyber attacks on Domain Name System (DNS) servers represent one of the most significant threats to Internet security today. Because DNS is used by nearly all networked applications – including email, Web browsing, ecommerce, Internet telephony, and more – these types of attacks threaten the very basis of modern communications and commerce. Whether conducted for financial motives, political gain, or the notoriety of the hacker, the damage from a DNS attack can be devastating for the target organizations.

    This paper will highlight how traditional DNS infrastructure deployments can actually increase the risks of DNS attacks. The paper also covers best practices and options for a hardened DNS layer that can minimize the risk of experiencing a DNS attack by identifying the symptoms and implementing a response faster.

    "If your data center is not available, all the compliance or data integrity in the world is not going to help your customers, business, or your brand. DDOS is the number one threat to the availability of data center resources..." (Rob Ayoub, Frost and Sullivan, Global Program Director, Network Security)
  • Unclassified OCDE/GD(97)207
    Unclassified OCDE/GD(97)207
    INTERNET DOMAIN NAMES: ALLOCATION POLICIES
    ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT
    Paris 60465
    Complete document available on OLIS in its original format

    Copyright OECD, 1997. Applications for permission to reproduce or translate all or part of this material should be made to: Head of Publications Services, OECD, 2 rue André-Pascal, 75775 Paris Cedex 16, France

    TABLE OF CONTENTS
    FOREWORD
    MAIN POINTS
    INTERNET GROWTH AND THE DOMAIN NAME SYSTEM
    DOMAIN NAME SYSTEM OPERATIONS IN OECD COUNTRIES
      The Administration of Top Level Domains and Market Structure
      The Administration of Generic Top Level Domains and Market Structure
    POLICY COMPARISON BETWEEN DOMAIN REGISTRARS
      Location Requirements
      Application Limits
  • Federal Register/Vol. 63, No. 111/Wednesday, June 10, 1998
    Federal Register / Vol. 63, No. 111 / Wednesday, June 10, 1998 / Notices 31741

    differences of juvenile fish as they pass downstream through Lake Pateros and Wells Dam. For modification 1, PUD GC requests an increase in the take of juvenile, endangered, UCR steelhead associated with a study designed to inventory fish species in Wells reservoir on the Columbia River. ESA-listed fish are proposed to be observed by SCUBA divers or collected in beach seines, anesthetized, examined, allowed to recover, and released. Modification 1 is requested to be valid for the duration of the permit. Permit 1116 expires on December 31, 2002. Dated: June 4, 1998.

    rulemaking, or "Green Paper," was published in the Federal Register on February 20, 1998, providing opportunity for public comment. NTIA received more than 650 comments, as of March 23, 1998, when the comment period closed.3 The Green Paper proposed certain actions designed to privatize the management of Internet names and addresses in a manner that allows for the development of robust competition and facilitates global participation in Internet management. The Green Paper proposed for discussion a variety of

    U.S. Role in DNS Development
    More than 25 years ago, the U.S. Government began funding research necessary to develop packet-switching technology and communications networks, starting with the "ARPANET" network established by the Department of Defense's Advanced Research Projects Agency (DARPA) in the 1960s. ARPANET was later linked to other networks established by other government agencies, universities and research facilities. During the 1970s, DARPA also funded the development of a "network of networks;" this became
  • Orderly Expansion of the International Top-Level Domains: Concurrent Trademark Users Need a Way out of the Internet Trademark Quagmire, 15 J
    The John Marshall Journal of Information Technology & Privacy Law, Volume 15, Issue 3 (Journal of Computer & Information Law, Spring 1997), Article 6
    David B. Nash, Orderly Expansion of the International Top-Level Domains: Concurrent Trademark Users Need a Way Out of the Internet Trademark Quagmire, 15 J. Marshall J. Computer & Info. L. 521 (1997)
    https://repository.law.uic.edu/jitpl/vol15/iss3/6

    ORDERLY EXPANSION OF THE INTERNATIONAL TOP-LEVEL DOMAINS: CONCURRENT TRADEMARK USERS NEED A WAY OUT OF THE INTERNET TRADEMARK QUAGMIRE

    I. INTRODUCTION
    "If you want to attach your network to the Internet,1 but you don't like NSI's2 policies, for whatever reason, you quickly learn that NSI is the only game in town."3 Any organization that wants a domain name in an international top-level domain ("iTLD") has to register with the InterNIC4 domain name registry which is administered by Network Serv- 1.
  • “ICANN Update” Herbert Vitzthum ICANN Cctld Liaison [email protected] January, 16Th 2002 CENTR DNR-Forum at RIPE-Meeting, Amsterdam, Netherlands Overview
    "ICANN Update"
    Herbert Vitzthum, ICANN ccTLD Liaison, [email protected]
    January, 16th 2002
    CENTR DNR-Forum at RIPE-Meeting, Amsterdam, Netherlands

    Overview
    - October
      - .museum - First Sponsored TLD Agreement
    - November
      - .au - ccTLD Agreement Signed with auDA
      - ALSC Final Report
      - Registrar Data Escrow Program Announced
      - The third ICANN Annual Meeting in Marina del Rey, USA
      - Redelegation of .us ccTLD
      - .coop - Second sponsored TLD Agreement
    - December
      - Interim Report of the New TLD Evaluation Process Planning Task Force
      - ICANN Announces New Dispute Resolution Provider in the Asia Pacific Region
      - ASO General Assembly 2002 and Call for Nominations for ICANN Board of Directors
      - CENTR Meeting in Luxembourg

    At Large Study Committee Report (ALSC)
    - Undertook a comprehensive study of:
      - the concept, structure and processes
    - Invited/received input from all interested parties
    - To achieve a broad consensus
      - Public meetings in: Melbourne, Australia; Stockholm, Sweden; Silicon Valley, USA; and Montevideo, Uruguay
      - ALSC members have attended meetings: Kuala Lumpur, Taiwan, San Francisco, Bologna, Hong Kong, Accra, Shanghai, Caracas, Singapore, Beijing, Paris

    At Large Study Committee Report (ALSC)
    - The ALSC produced a Final Report, as recommendations to the ICANN Board.
    - The Board accepted the Report, as a basis for further discussion.
    - The Board invited comments on the Report from the Internet community.
    - ALSC is extended until the ICANN meeting in Accra, Ghana
    - Goal: "At Large" election in 2002

    Registrar Data Escrow Program Announced
    - Periodic escrow for gTLD registrars.
    - To preserve domain registration information.
    - Data will be released from escrow if:
      - The registrar fails
      - The registrar ends his accreditation
    - Registrars are free to use ICANN's Service or to choose a third party.
  • Reflections on Exclusion and Coordination in Cyberspace: the Case of Domain Names
    Reflections on Exclusion and Coordination in Cyberspace: The Case of Domain Names
    Margaret Jane Radin* and R. Polk Wagner**
    Preliminary Draft, December 1996

    I. THE DOMAIN NAMES SYSTEM
      A. The Distributed, Coordinated Network
      B. The Internet Addressing Standard
      C. Domain Naming Conventions and Domain Name Registration Processes
    II. DISPUTES OVER DOMAIN NAMES: DOMAIN NAMES AS INTELLECTUAL PROPERTY?
      A. An Evolutionary Perspective on the Propertization of Domain Names
      B. Mutant Trademarks? Or Something Else?
    III. TOWARD PRIVATE ORDERING (PROPERTY AND CONTRACT) IN A GLOBAL NETWORKED ENVIRONMENT
      A. The Internet as a Self-Ordering Legal Environment
      B. The Limits of Self-Ordering?

    INTRODUCTION
    Anyone who has had occasion to look at any commercial websites or to send e-mail to a company has had contact with Internet domain names, of the form [commercial name].com. By now many people are familiar with netscape.com, microsoft.com, yahoo.com, etc. So far these names have been registered on a first-come, first-served basis to those who pay a small fee to an Internet governance organization. As the Internet has burgeoned into a commercial infrastructure, fierce disputes have arisen over domain names. Should "roadrunner.com" belong to an Internet Service Provider (ISP) named Roadrunner, Inc., or to Warner Brothers, the owner of the cartoon character who always bests Wile E. Coyote?{1} Brokering of domain names has sprung up. An enterprising man named Toeppen has registered many domain names corresponding to big companies, apparently with the hope of "selling" them to the companies when those companies "wise up" about the necessity of a presence on the Internet.{2} A Vancouver company, MailBank, has spent U.S.
  • The Domain Name System
    The Domain Name System
    David Conrad, [email protected], Nominum, Inc.
    Copyright © 1999 Acme Byte & Wire LLC
    Copyright © 1999 Internet Software Consortium

    Overview
    • Introduction
    • History
    • Name space structure
    • Technical details
    • Administrative details
    • Political details
    • Futures
    • Summary

    Introduction
    • For the Internet to operate, certain globally unique identifiers must exist
      – Protocol numbers, port numbers, addresses, names, etc.
    • Administration of these identifiers is done by the Internet Assigned Numbers Authority (IANA)
      – The IANA delegates the administration of some of these resources to other entities
      – Names are by far the most contentious

    Names vs. Addresses
    • In the Internet, an address provides information on how to reach a particular place
      – Usually hierarchical in nature
        • Cherry Hills Ogikubo #301, 4-6-6 Ogikubo Suginami-ku, Tokyo, Japan
        • +1-808-329-6085
        • 202.12.28.129
    • Names identify an object once its location is known
      – Any hierarchy is administrative only
        • David R. Conrad
        • Tokyo
        • isc.org
    • People use names, machines use addresses

    The Domain Name System
    • A system which permits humans to use names and machines to use addresses
    • Scalable
      – Over 90 million entries in the global DNS now
    • Consistent
      – You get the same answer where ever you ask
    • Resilient
  • Defining Domain: Higher Education's Battles for Cyberspace Jacob H
    Brooklyn Law Review, Volume 80, Issue 3, Article 5 (2015)
    Jacob H. Rooksby, Defining Domain: Higher Education's Battles for Cyberspace, 80 Brook. L. Rev. (2015). Available at: https://brooklynworks.brooklaw.edu/blr/vol80/iss3/5

    Defining Domain
    HIGHER EDUCATION'S BATTLES FOR CYBERSPACE
    Jacob H. Rooksby†

    INTRODUCTION
    Juliet famously mused, "What's in a name? that which we call a rose / By any other word would smell as sweet."1 The same cannot be said for Internet domain names.2 One's inability to own a specific domain name has delayed product launches, caused companies to change names, and led to disputes with alleged cybersquatters.3 The utility of domain names has led to a robust secondary market of buyers and sellers, where domain names that encompass generic words, or are comprised of very few letters or numbers, often change hands for hundreds of thousands of dollars, or more.4 In short,

    † Jacob H. Rooksby, M.Ed., J.D., Ph.D., Assistant Professor of Law, Duquesne University School of Law. Special thanks to Matthew Beddingfield for his research assistance, to Jacqui Lipton for reviewing and providing helpful comments on an earlier draft, and to my colleagues at Duquesne University School of Law for their support of my work.
  • Towards Improving DNS Security, Stability, and Resiliency
    Towards Improving DNS Security, Stability, and Resiliency
    David Conrad
    www.internetsociety.org
    © 2012 Internet Society

    Executive Summary
    The Domain Name System, continually evolving since its invention 30 years ago, is a core component of the Internet. Translation services provided by the DNS create a mapping between human friendly names and machine-preferred numbers (and vice versa). The DNS is used by the majority of services and applications available today in the Internet. As the Internet has become a critical resource with constant security attacks and threats, the DNS has also been attacked and threatened. While the threats to the DNS are significant, mitigations can either eliminate or limit many of the risks to the DNS. At the same time, new protocol developments and operational best practices have increased the resilience, stability and security of the DNS protocol and the global DNS infrastructure.

    The goal of this paper is to produce a comprehensive view on the DNS threats, their potential impacts, and available mitigation technologies and strategies. This paper begins by providing an overview of the DNS and its evolution. Then, threats to and from the DNS are described, followed by the discussion of mitigation technologies and strategies. This discussion is summarized at the end in a set of recommendations aimed at addressing the risks associated with the Internet's DNS.

    This paper provides background information for the continuing dialog on the challenges the DNS faces, ways to further improve and evolve the DNS, and how to increase the security, stability, and resilience of the DNS.
  • IANA Important, but Not for What They Do Giving Away the Internet!
    IANA: Important, but not for what they do
    Scott Bradner, 22 November 2016

    Giving Away the Internet! (Cruz.Senate.gov)

    Once Upon a Time
    • Started with Network Working Group - 1968
      Ad-hoc group "concerned with the HOST software, the strategies for using the network, and initial experiments with the network" (RFC 3)
    • Then RFCs – 1969
      Jon Postel RFC series editor
    • Then coordinating socket numbers – 1972
      Jon Postel coordinator
      Internet Assigned Numbers Authority (IANA) name – RFC 1060 in 1988
      Joyce K. Reynolds listed as the IANA contact

    Then more than sockets
    • IP addresses & Protocol Parameters: RFC 739 – 1977
    • IP address are too hard to use: DNS, RFC 882/3 – 1982
    • Hierarchy is your friend – DNS root & common TLDs: RFC 920 – 1984
    • All the IANA parts in place by 1984
      Jon & Joyce @ USC-ISI
      Funded by U.S. government, e.g. 1988 DARPA contract with ISI, extended in 1997

    ARPA Networking Research
    • ARPA wanted to share large (expensive) computers among researchers
    • Decided to use "packet-based" design
    • Used non-dedicated logical connections
      Permitted multiple conversations on same physical connection
    • Packet networking concept came from Paul Baran at RAND
      Designed to survive nuclear attack

    Packet Switched Networking
    • Split transmission into chunks (a.k.a., packets)
    • Each packet proceeds on its own through the network, no state kept in network switches
    • No assumptions made about underlying transport network
      Packets may be lost, reordered, duplicated
    • Packet network just forwards the bits
    • No service guarantees
  • DNS: Defense and Attack
    DNS: Defense and Attack
    Paul Ebersman, [email protected], @paul_ipv6
    RIPE66, Dublin, 13-17 May 2013
    © 2013 Infoblox Inc. All Rights Reserved.

    DNS is you

    DNS is who you are on the internet
    § If your DNS zone isn't available:
      Ø No email
      Ø No website
      Ø No internet services…

    Robust DNS is worth money
    Even managers/executives now see value of robust DNS

    DNS Hijacking
    § Registry/Registrar security
    § Who owns nameservers
    § Who can update zone data and how

    Attacking your cache

    Cache Poisoning
    § What is it?
      – Inducing a name server to cache bogus records
    § Made possible by
      – Flaws in name server implementations
      – Short DNS message IDs (only 16 bits, or 0-65535)
    § Made easier on
      – Open recursive name servers
    § Consequence
      – Man in the middle attacks

    How Random - Not!
    § Amit Klein of Trusteer found that flaws in most versions of BIND's message ID generator (PRNG) don't use sufficiently random message IDs
      – If the current message ID is even, the next one is one of only 10 possible values
      – Also possible, with 13-15 queries, to reproduce the state of the PRNG entirely, and guess all successive message IDs

    Birthday Attacks
    § Barring a man in the middle or a vulnerability, a hacker must guess the message ID in use
      – Isn't that hard?
      – As it turns out, not that hard
    § Brute-force guessing is a birthday attack:
      – 365 (or 366) possible birthdays, 65536 possible message IDs
      – Chances of two people chosen at random having different birthdays: $\frac{364}{365} \approx 99.7\%$
      – Chances of n people (n > 1) chosen at random all having different birthdays: $\bar{p}(n) = \frac{364}{365} \times \frac{363}{365} \times \dots \times \frac{366-n}{365}$, and $p(n) = 1 - \bar{p}(n)$