TheWolf of Name Street: Hijacking domains through their nameservers

Thomas Vissers; Timothy Barron; Tom Van Goethem; Wouter Joosen; Nick Nikiforakis

doi:10.1145/3133956.3133988

TheWolf of Name Street: Hijacking domains through their nameservers

Thomas Vissers
, Timothy Barron
, Tom Van Goethem
, Wouter Joosen
, Nick Nikiforakis

Computer Science

Interuniversitair Micro-Elektronica Centrum
Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

40 Scopus citations

Abstract

The functionality and security of all domain names are contingent upon their nameservers. When these nameservers, or requests to them, are compromised, all domains that rely on them are a.ected. In this paper, we study the exploitation of con.guration issues (typosquatting and outdated WHOIS records) and hardware errors (bitsquatting) to seize control over nameservers' requests to hijack domains.We perform a large-scale analysis of 10,000 popular nameserver domains, in which we map out existing abuse and vulnerable entities. We con.rm the capabilities of these attacks through realworld measurements. Overall, we. nd that over 12,000 domains are susceptible to near-immediate compromise, while 52.8M domains are being targeted by nameserver bitsquatters that respond with rogue IP addresses. Additionally, we determine that 1.28M domains are at risk of a denial-of-service attack by relying on an outdated nameserver.

Original language	English
Title of host publication	CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	957-970
Number of pages	14
ISBN (Electronic)	9781450349468
DOIs	https://doi.org/10.1145/3133956.3133988
State	Published - Oct 30 2017
Event	24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States Duration: Oct 30 2017 → Nov 3 2017

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Country/Territory	United States
City	Dallas
Period	10/30/17 → 11/3/17

Keywords

Bitsquatting
DNS
Nameservers
Typosquatting

Access to Document

10.1145/3133956.3133988

Cite this

Vissers, T., Barron, T., Goethem, T. V., Joosen, W., & Nikiforakis, N. (2017). TheWolf of Name Street: Hijacking domains through their nameservers. In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 957-970). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3133956.3133988

@inproceedings{c121240d6c5c40e38f21cc2e3bbea576,

title = "TheWolf of Name Street: Hijacking domains through their nameservers",

abstract = "The functionality and security of all domain names are contingent upon their nameservers. When these nameservers, or requests to them, are compromised, all domains that rely on them are a.ected. In this paper, we study the exploitation of con.guration issues (typosquatting and outdated WHOIS records) and hardware errors (bitsquatting) to seize control over nameservers' requests to hijack domains.We perform a large-scale analysis of 10,000 popular nameserver domains, in which we map out existing abuse and vulnerable entities. We con.rm the capabilities of these attacks through realworld measurements. Overall, we. nd that over 12,000 domains are susceptible to near-immediate compromise, while 52.8M domains are being targeted by nameserver bitsquatters that respond with rogue IP addresses. Additionally, we determine that 1.28M domains are at risk of a denial-of-service attack by relying on an outdated nameserver.",

keywords = "Bitsquatting, DNS, Nameservers, Typosquatting",

author = "Thomas Vissers and Timothy Barron and Goethem, \{Tom Van\} and Wouter Joosen and Nick Nikiforakis",

note = "Publisher Copyright: {\textcopyright} 2017 author(s).; 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 ; Conference date: 30-10-2017 Through 03-11-2017",

year = "2017",

month = oct,

day = "30",

doi = "10.1145/3133956.3133988",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "957--970",

booktitle = "CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",

}

Vissers, T, Barron, T, Goethem, TV, Joosen, W & Nikiforakis, N 2017, TheWolf of Name Street: Hijacking domains through their nameservers. in CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 957-970, 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, United States, 10/30/17. https://doi.org/10.1145/3133956.3133988

TheWolf of Name Street: Hijacking domains through their nameservers. / Vissers, Thomas; Barron, Timothy; Goethem, Tom Van et al.
CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2017. p. 957-970 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - TheWolf of Name Street

T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017

AU - Vissers, Thomas

AU - Barron, Timothy

AU - Goethem, Tom Van

AU - Joosen, Wouter

AU - Nikiforakis, Nick

PY - 2017/10/30

Y1 - 2017/10/30

N2 - The functionality and security of all domain names are contingent upon their nameservers. When these nameservers, or requests to them, are compromised, all domains that rely on them are a.ected. In this paper, we study the exploitation of con.guration issues (typosquatting and outdated WHOIS records) and hardware errors (bitsquatting) to seize control over nameservers' requests to hijack domains.We perform a large-scale analysis of 10,000 popular nameserver domains, in which we map out existing abuse and vulnerable entities. We con.rm the capabilities of these attacks through realworld measurements. Overall, we. nd that over 12,000 domains are susceptible to near-immediate compromise, while 52.8M domains are being targeted by nameserver bitsquatters that respond with rogue IP addresses. Additionally, we determine that 1.28M domains are at risk of a denial-of-service attack by relying on an outdated nameserver.

AB - The functionality and security of all domain names are contingent upon their nameservers. When these nameservers, or requests to them, are compromised, all domains that rely on them are a.ected. In this paper, we study the exploitation of con.guration issues (typosquatting and outdated WHOIS records) and hardware errors (bitsquatting) to seize control over nameservers' requests to hijack domains.We perform a large-scale analysis of 10,000 popular nameserver domains, in which we map out existing abuse and vulnerable entities. We con.rm the capabilities of these attacks through realworld measurements. Overall, we. nd that over 12,000 domains are susceptible to near-immediate compromise, while 52.8M domains are being targeted by nameserver bitsquatters that respond with rogue IP addresses. Additionally, we determine that 1.28M domains are at risk of a denial-of-service attack by relying on an outdated nameserver.

KW - Bitsquatting

KW - DNS

KW - Nameservers

KW - Typosquatting

UR - https://www.scopus.com/pages/publications/85041433150

U2 - 10.1145/3133956.3133988

DO - 10.1145/3133956.3133988

M3 - Conference contribution

AN - SCOPUS:85041433150

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 957

EP - 970

BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 30 October 2017 through 3 November 2017

ER -

Vissers T, Barron T, Goethem TV, Joosen W, Nikiforakis N. TheWolf of Name Street: Hijacking domains through their nameservers. In CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2017. p. 957-970. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3133956.3133988

TheWolf of Name Street: Hijacking domains through their nameservers

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this