DOI: 10.1145/3487552.3487816
research-article
Open access

Risky BIZness: risks derived from registrar name management

Published: 02 November 2021

    Abstract

    In this paper, we explore a domain hijacking risk that is an accidental byproduct of undocumented operational practices between domain registrars and registries. We show how over the last nine years over 512K domains have been implicitly exposed to the risk of hijacking, affecting names in most popular TLDs (including .com and .net) as well as legacy TLDs with tight registration control (such as .edu and .gov). Moreover, we show that this weakness has been actively exploited by multiple parties who, over the years, have assumed control over 163K domains without having any ownership interest in those names. In addition to characterizing the nature and size of this problem, we also report on the efficacy of the remediation in response to our outreach with registrars.

    Cited By

    • (2023) Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. Proceedings of the ACM on Measurement and Analysis of Computing Systems 7:1 (1-28). DOI: 10.1145/3579440. Online publication date: 2-Mar-2023
    • (2022) Retroactive identification of targeted DNS infrastructure hijacking. Proceedings of the 22nd ACM Internet Measurement Conference (14-32). DOI: 10.1145/3517745.3561425. Online publication date: 25-Oct-2022

        Published In

        IMC '21: Proceedings of the 21st ACM Internet Measurement Conference
        November 2021
        768 pages
        ISBN:9781450391290
        DOI:10.1145/3487552
        This work is licensed under a Creative Commons Attribution International 4.0 License.

        In-Cooperation

        • USENIX Assoc

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Qualifiers

        • Research-article

        Conference

        IMC '21
        IMC '21: ACM Internet Measurement Conference
        November 2 - 4, 2021
        Virtual Event

        Acceptance Rates

        Overall Acceptance Rate 277 of 1,083 submissions, 26%

        Article Metrics

        • Downloads (Last 12 months): 142
        • Downloads (Last 6 weeks): 17
