[14328] in bugtraq
Re: The out-of-domain NS registration attack
daemon@ATHENA.MIT.EDU (David Terrell)
Fri Mar 17 06:22:36 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000314180849.A10541@pianosa.catch22.org>
Date: Tue, 14 Mar 2000 18:08:49 -0800
Reply-To: David Terrell <dbt@meat.net>
From: David Terrell <dbt@MEAT.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000314014512.9413.qmail@cr.yp.to>; from djb@CR.YP.TO on Tue,
Mar 14, 2000 at 01:45:12AM -0000
On Tue, Mar 14, 2000 at 01:45:12AM -0000, D. J. Bernstein wrote:
> The attacker then registers a new domain with NSI, using ns1.jsnet.com
> as the domain's server name, but his own IP address for ns1.jsnet.com:
>
> zerosecurity.com NS ns1.jsnet.com
> ns1.jsnet.com A 5.6.7.8
Have you verified this is possible? The last time I checked, NSI
would only allow new host registration from the appropriate contact
of the domain the host is in.
--
David Terrell | p = "you are nasty" q = "my first name is Janet"
Nebcorp PM | r = "my first name is baby" s = "My name is Miss Jackson"
dbt@meat.net | (!r -> q) & (p -> s) - Braverman's Third Lemma
wwn.nebcorp.com | !r & (!p -> q) & (p -> s) - Libor's Corrolary
