From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology. more
Timothy D. Morgan's recent paper titled, "IPv6 Address Cookies", seeks to apply the fundamental shift in resource availability brought about by the vastly increased Internet address space in IPv6 to develop a novel, lower cost solution to mitigating spoofed attacks. "Spoofed denial of service attacks have plagued the Internet for a number of years, and show no signs of abating. Research into mitigation techniques has apparently not led to a financially viable solution, and new attacks have been discovered in the wild without being widely anticipated". The following provides an introduction to this paper. more
One of the problems with trying to secure systems is the lack of knowledge in the community about what has or hasn't worked. I'm on record as calling for an analog to the National Transportation Safety Board: a government agency that investigates major outages and publishes the results. In the current, deregulatory political climate, though, that isn't going to happen. But how about a voluntary system? more
The Estonians have a public version of their cyber security strategy translated into English (currently available offline only). The concept of a national strategy for cyber security is one which I am particularly fond of... The following is the Summary section from the document which might be of interest... more
As warned by Dan Kaminsky, Paul Vixie, and numerous other experts experts, it was just a matter of time before an exploit code for the now public DNS flaw would surface. An exploit code for the flaw allowing insertion of malicious DNS records into the cache of target nameservers has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports Metasploit creator, H D Moore in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit. more
The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure... more
Over the past days a lot has been said and written on counter hacking by enforcement agencies. The cause is a letter Dutch Minister I. Opstelten, Security & Justice, sent to parliament. Pros and cons were debated and exchanged. Despite the fact that I perfectly understand the frustration of enforcement agencies of having to find actionable data and evidence that gets criminals convicted in a borderless, amorphous environment, a line seems to be crossed with this idea presented to Dutch parliament. Where are we? more
It was not without a little trepidation that I planned the 2nd DNS Abuse Institute Forum to focus on the long-standing and often contentious definitional issues surrounding DNS Abuse. While the risk of getting stuck in the usual entrenched positions was real, it seemed to me that we had an opportunity to provide some clarity and if not change minds, at least provide perspective. more
Bob Marley's Wailers, who eventually became known simply as the "Wailers" after Bob Marley's death, successfully argued for dismissal of this cybersquatting and trademark infringement lawsuit brought by band members of another Wailers musical group who started using the band name 10 years before Bob Marley named his group in 1969... more
How are domain names dealt with in Russia? This article discusses current issues related to the registration and assignment of domain names in ".ru" zone (Russian top level country code domain) and trademark protection on Internet. more
This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy. more
This past week I had two items pop up on my alerts. The first was about Facebook suing domain registrar Namecheap for allowing domains that impersonate the social media company and can be used for scams. The second was a plea by the Electronic Frontier Foundation to join in its crusade to stop the sale of the .ORG domain. It took me a moment to realize these are linked. more
The last few years have been challenging ones for members of the Canadian International Pharmacy Association. First, in 2010, they lost their ability to advertise in the US search space after the US Department of Justice noted that many seemingly "Canadian" pharmacy websites "sell drugs obtained from countries other than Canada" when shipping medicines into the US, and major search advertising programs tightened their policies, effectively excluding CIPA's members from advertising in the US. more
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more
On Monday 17 March, domain name registrations under the new Chinese Internet address, .cn, were available for the first time to registrants both inside and outside of China. As China's equivalent of .uk, or .us, the .cn domain space will be the Internet address of choice for Chinese consumers and for corporations interested in operating in one of the largest Internet markets. more
A World-Renowned Source for Internet Developments. Serving Since 2002.