[28160] in North American Network Operators' Group
Age old DNS hack reappears
daemon@ATHENA.MIT.EDU (Simon Lockhart)
Tue Apr 18 12:43:09 2000
To: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 18 Apr 2000 17:40:49 +0100
Message-Id: <22900.956076049@sunf25>
From: Simon Lockhart <simonl@rd.bbc.co.uk>
Errors-To: owner-nanog-outgoing@merit.edu
Had this reported to us, which I thought people might be interested in.
This had happened in .uk several years ago, which prompted a rule to
forbid sub-domains of .uk which are the same as a TLD.
> It appears that someone has registered "uk.co.za" as a domain and is using
> this to fake well-known domain names such as bbc.co.uk. What they have
> done is created DNS entries for "bbc.co.uk.co.za" and
> "news.bbc.co.uk.co.za" so that when someone types e.g. "news.bbc.co.uk" in
> their browser the DNS lookup first finds the "local" site
> "news.bbc.co.uk.co.za" and returns that in preference to the desired site
> "news.bbc.co.uk". In this instance the fake DNS entry contains a redirect
> to the site "http://www.guitarpunk.com/home/mosrite.htm" which is an
> advert for electric guitars.
>
> As a user of the DNS I strongly object to the hijacking of the namespace
> in this manner and request that the co.za domain administrators
> immediately suspend the domain uk.co.za and that you prohibit any future
> registrations of domains xx.co.za where xx is a valid top-level domain.
HTH,
Simon
--
Simon Lockhart | Tel: +44 (0)1737 839676
Internet Engineering Manager | Fax: +44 (0)1737 839516
BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk
Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
