Cybersecurity |
Sponsored by |
In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised.
The October 21 DDoS attacks against the 13 root-name servers containing the master domain list for the Internet's Domain Name System (DNS), (which reportedly took offline 9 of the 13 servers) remain a clear and daunting reminder of the vulnerabilities associated with online security. Many DNS authorities have named the most recent hit the largest DDoS attack against the root server system. Chris Morrow, network security engineer for UUNET, the service provider for two of the world's 13 root servers, recently told The Washington Post...
Recently, I entered my domain name in a "WHOIS" database query to test the results of the database by using WHOIS on a number of domain name registrar websites. WHOIS is a database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names. I was astonished to find...
In the beginning there was silence; then, silence begat communication, and communication begat more communication and, ultimately, group communication formed and begat a primordial "network" of communication that gradually and inevitably increased in effectiveness and complexity: there were only signal fires at first but, then, there were cave drawings, carrier pigeons, shouting from hill-tops, smoke from fire, lines of cannon fire, the telegraph, Alexander Graham Bell, and, finally, the network of networks known as the Internet. But, is that it? Is there not something more impressive in its impact upon communication than the Internet? What more might one desire than the dynamic wonders of the Internet, you ask? Well, what about ENUM? "E-What!?"
When it comes to domain name disputes, no domain name has captured more media attention than sex.com. Of course, disputes about sex often obtain a great deal of attention, and the sex.com domain name dispute can grab its share of headlines because the case involves sex, theft, declared bankruptcy, a once-thriving Internet porn business, and fraud, instead of the typical cybersquatting allegations. Indeed, this case is remarkable for its potential impact on the development of caselaw concerning whether there is a valid basis to assume that trademark interests should overwhelm all non-commercial interests in the use of domain names. The answer is no, but the caselaw to support that answer is in tension with cases that strongly imply a contrary conclusion.
The former contract with ICANN and the US Department of Commerce (DOC) was due to expire on September 30, 2002. In the statement announcing the renewal, the DOC acknowledged that ICANN was the subject of many complaints from many sectors of the Internet community. Some of these complaints had been presented to the US Congress during a hearing held in June 2002 by a Senate Subcommittee. At the hearing, a General Accounting Office (GAO) spokesperson, Peter Guerrero, testified, noting not only that ICANN had failed in its mandate, but that the U.S. Department of Commerce was also at fault in failing to properly oversee ICANN activities. He explains...
Domain Name System (DNS) surveys such as that recently conducted by Men & Mice continually demonstrate that the DNS is riddled with errors. Since the DNS continues to work, this raises three questions:
1. Does it matter that the DNS is riddled with errors?
2. Why is it riddled with errors?
3. How can it be fixed?