Re: [ga] On Its Way: One of the Biggest Changes to the Internet

["Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>]

Hi Karl,

With the potential problems from long IDN names, could poorly configured DNS 
applications possibly create situations of DNS instability? Could criminal 
or terrorist organizations launch DoS attacks in this manner?
Sincerely,
Ted
Prophet Partners Inc.
http://www.ProphetPartners.com
http://www.Premium-Domain-Names.com


----- Original Message ----- 
From: "Karl Auerbach" <karl@xxxxxxxxxxxx>
To: "Ram Mohan" <rmohan@xxxxxxxxxxxx>
Cc: <ga@xxxxxxxxxxxxxx>
Sent: Thursday, October 11, 2007 9:40 PM
Subject: Re: [ga] On Its Way: One of the Biggest Changes to the Internet


> Ram Mohan wrote:
>
> > Numerous other usability issues exist, including some interesting ones 
> > such as searchability of IDN names and IDN TLDs.
> It's been a while since I last scanned SIP VoIP implementations for DNS 
> vulnerabilities.
> But when I last did it, I found that a lot of VoIP phones had weak DNS 
> resolving engines that could be easily confused/killed by long names (and 
> IDN names can get long) and long or strange CNAMEs.
> (It is amazing the devices than can be sent into the weeds by giving 'em a 
> SIP or HTTP URI/URL that contains a domain name that gets mapped via a 
> CNAME into something that is either very long or contains the full variety 
> of 8-bit characters without honoring the "hostname" character set 
> constraint.)
> Again, as you say, at the DNS layer, it's all just ASCII labels.  And the 
> problems I saw weren't IDN problems, just weak DNS implementations.
> --karl--