|
Posted by Ivan Yonge on April 30, 2004, 6:09 pm
If you were Registered and logged in, you could reply and use other advanced thread options
First of all, I am not an expert in DNS... that's why I am here to ask for
help. don't laugh at me if I am wrong.
I have tested this with my domain, this seems like a security hole to me
...My domain is registered with Register.com
1. Go to Register.com, login to my account (say "mycompany.com", doesn't
matter)
2. Add a new DNS entry
3. They will ask for HOST NAME and IP ADDRESS (they used to ask HOST name
only, not IP).
4. type host="testing.victim.com" (the host of the victim)
5. type ip = "24.102.80.12" (the IP address I want to point to, I just make
it up)
6. submit
7. After 24 hours, all the world's DNS servers will resolve
testing.victim.com as 24.102.80.12. If you PING testing.victim.com from any
server say network-tools.com it gives you the 24.102.80.12
This is not good, now "testing.victim.com" is tied to the IP address, it
doesn't even try to resolve it from "victim.com" 's DNS server..... why is
this happening?? I have used http://network-tools.com/nslook/Default.asp
to verify my result..
If this is true, anyone can hijack other people's domain name using DNS and
point to his IP address? this is scary..
Help..
| 
XML site map