[linux-elitists] [schoen@loyalty.org: Re: [svlug] netsol is a bunch of fucking morons !!!]

Seth David Schoen schoen@loyalty.org
Wed Jan 31 08:09:54 PST 2001


----- Forwarded message from Seth David Schoen <schoen@loyalty.org> -----

From: Seth David Schoen <schoen@loyalty.org>
To: svlug@svlug.org
Subject: Re: [svlug] netsol is a bunch of fucking morons !!!
Date: Wed, 31 Jan 2001 07:53:44 -0800

Marc MERLIN writes:

> But I'm sure you knew that already...
> 
> It's been a month and a half that I've been trying to get rid of that stupid
> www.svlug.org host record
> http://www.networksolutions.com/cgi-bin/whois/whois;?STRING=host+WWW7974-HST&STRING=Search
> 
> Of course, we never created that host record, it was created when svcs.net
> and svcs.org were as they unfortunately specified www.svlug.org as a name
> server (something I only found out about way later because there is no way
> to know who's using your host record unless someone really high up at netsol
> looks that up for you).

There used to be a way in whois, but I don't think it's worked lately.

You can double check in "whois help@whois.networksolutions.com"; I think
they took it out because they thought people would use it to facilitate
spam (?) or it would hurt their business.

> - Let me get this straight. You're telling me that you continue to feed an
>   orphaned host name record because it has 'www' in its name?
> - Yes
> - Aaaarrrrgggghhh! (eating desk)

I had a less extreme version of the same problem, trying to delete an A
record.

- If a domain is using that machine as an NS, you can't delete the record
  with a DELETE HOST (even if the domain isn't actually yours).
- If the IP address of the nameserver has changed, but the new IP address
  already has a hostname associated with it in the root zone, you can't
  change the IP address with a MODIFY HOST.

So in the case I had, we had to wait until the IP address changed again
(two years later!) before I could actually get the host record modified.
I _still_ can't delete it, even though the actual nameservers are
elsewhere now and we have no need for that record to remain in the root
zone.


I do think this would work as a denial of service attack.  Someone just has
to create a host record for www.microsoft.com by specifying that as an NS.
Right?  And Microsoft's web server would be off the net _again_.

Does anybody want to try an experiment with this?  Anybody have a "spare"
(non-production-use) domain and want to trade simulated denial of service
attacks with me (you try to break services in my domain with my permission,
I try to break services in your domain with your permission)?  If it works,
it ought to be on BUGTRAQ or NANOG or a newspaper so that NSI will
_finally_ clean up this mechanism a little.

-- 
Seth David Schoen <schoen@loyalty.org>  | And do not say, I will study when I
Temp.  http://www.loyalty.org/~schoen/  | have leisure; for perhaps you will
down:  http://www.loyalty.org/   (CAF)  | not have leisure.  -- Pirke Avot 2:5


----- End forwarded message -----

Does anybody here have a spare IP address to contribute to this effort?
I don't want to irritate anybody by claiming that some nonexistent
machine (or some actual machine I'm testing an attack on) is within
some other network, without getting permission first.

-- 
Seth David Schoen <schoen@loyalty.org>  | And do not say, I will study when I
Temp.  http://www.loyalty.org/~schoen/  | have leisure; for perhaps you will
down:  http://www.loyalty.org/   (CAF)  | not have leisure.  -- Pirke Avot 2:5
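
Added example, not part of either message above: a defender-side audit for the situation both messages describe, listing the host records that sit under your own domain and showing which of them are kept in use only by other people's NS delegations. It assumes you can obtain the registry's delegation and host-record data in zone-file form; the sample data, the .test names, and the function names are all constructed for illustration.

```python
from collections import defaultdict
# Constructed sample in zone-file style; .test names and RFC 5737 addresses are placeholders.
SAMPLE_ZONE = """\
example-a.test.      NS  ns1.example-a.test.
example-a.test.      NS  ns2.example-a.test.
example-b.test.      NS  www.example-a.test.
example-c.test.      NS  www.example-a.test.
ns1.example-a.test.  A   192.0.2.1
ns2.example-a.test.  A   192.0.2.2
www.example-a.test.  A   198.51.100.7
old.example-a.test.  A   203.0.113.9
"""

def normalize(name):
    return name.rstrip(".").lower()

def parse_zone(text):
    ns_users = defaultdict(set)   # nameserver host -> domains delegating to it
    hosts = defaultdict(set)      # host record name -> registered addresses
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split columns
        if len(fields) != 3:
            continue                              # skip blank or malformed lines
        owner, rtype, rdata = normalize(fields[0]), fields[1].upper(), fields[2]
        if rtype == "NS":
            ns_users[normalize(rdata)].add(owner)
        elif rtype == "A":
            hosts[owner].add(rdata)
    return ns_users, hosts

def audit_host_records(text, my_domain):
    """Return (host, status, other_domains_using_it) for host records under my_domain."""
    my_domain = normalize(my_domain)
    ns_users, hosts = parse_zone(text)
    findings = []
    for host in sorted(hosts):
        if host != my_domain and not host.endswith("." + my_domain):
            continue                              # host record is not under our domain
        users = ns_users.get(host, set())
        foreign = sorted(users - {my_domain})
        if my_domain in users:
            status = "used-by-own-domain"
        elif foreign:
            status = "used-only-by-other-domains"  # the www.svlug.org situation
        else:
            status = "orphaned"                    # no delegation references it
        findings.append((host, status, foreign))
    return findings
```
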


