Re: [ga] Re: Rogue (Fraudulent) DNS Servers?

[JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>]

The problem with English specifications/RFCs is that it piviliges the 
concept over the term. So, the "DNS" is many different things under 
the same name, with different main understandings by users and 
engineers. We can say that for a user what he receives from the "DNS 
at large" is the main DNS concern, while  for an engineer the main 
DNS concern is what the "DNS system" will deliver. So, "mal-DNS" is 
in the DNS for the user, not in the DNS for the engineer.
Practical solutions to this kind of global network issues can only be 
patched at protocol level. They can only be solved at architectural 
level. This means a new internet. There are two possible forms for a 
new internet: a new physical and digital architecture, this is what 
GENI is at; or a new usage architecture, this is what we (the users) 
have to work on and experiment (something ICANN called for in 2001 in 
its ICP-3 document the IETF has disregarded).
The current inability of IETF to address the user's side of the 
complexity of the problem (and probably the engineering side as we 
see with IPv6, IDNA, DNSSEC, ROAP, etc.) will most probably reach a 
no-return point with the InterNAT as the/a practical solution to IP 
address shortage. From then on we will face in Internet 
standardization the same as in every other standardization areas: an 
SSDO diversity, different entities addressing differently the same 
point. The problem is interoperability among their RFC multiplicity. 
In the real life/world reality described by the norms insures that 
interoperability. In the virtual world, the norm defines the 
virtuality and there is no Internet norm, only IETF standard 
propositions. To decide if they keep the STD numbers is a current IETF issue.
The mal-DNS is our GNSO priority, because it errodes the whole naming 
credibility. We are confronted to it via IDNA (phishing through 
Unicode support failures), we are confronted to it through these 
Windoz bug. etc. There most probably will be other forms of attacks. 
Identifying the sources of the problems (lack of presentation layer, 
unique root, poor support of aliases, etc.) is a priority, like IETF 
does with ROAP (routing and addressing problem). For the DNS it 
should be the job of the GNSO. It happens that the GNSO has an IETF 
member as a Chair, this might help ?
jfc



At 10:51 12/12/2007, Stephane Bortzmeyer wrote:


> On Wed, Dec 12, 2007 at 09:12:21AM +0000,
>  Matthew Pemble <matthew@xxxxxxxxxx> wrote
>  a message of 140 lines which said:
>
> > I assume we will actually have to wait for the survey
>
> Yes, because the IDG paper is mostly crap. Other reports from Dagon
> were very good.
>
> > Georgia Tech's and Google's researchers estimate that as many as 0.4
> > percent, or 68,000, open-recursive DNS servers are behaving
> > maliciously, returning false answers to DNS queries.
>
> That's perfectly possible but since nobody interrogates them, it is
> hardly a problem.
>
> > Attackers would then change just one file in the Windows registry
> > settings, telling the PC to go to the criminal's server for all DNS
> > information.
>
> So, the attack has *nothing* to do with DNS. If the attacker can
> change MS-Windows (or any other OS) settings, he can do anything.
>
> [The mention of a "file in the Windows registry" gives a good idea of
> the seriousness of the paper.]