Domain Names May Change without Your Knowing

Eugene Kashpureff has a quick and easy way for you to recognize alternative top-level domains. And you may not even know it's working.

Eugene Kashpureff has just pulled off the biggest hack of his life. And because of it, the namespace across the Internet has been widened - for a time.

Kashpureff, founder of AlterNIC, has carried out a domain name server hack that he says lets up to 90 percent of the Net reach his alternative namespace with no reconfiguration on their part. That includes AOL users and services such as Webcrawler, Yahoo, and Lycos, which have been resolving AlterNIC sites such as www.per and accepting them as valid URLs.

Christopher Clough of Network Solutions - which oversees the registration of many popular top-level domains, including .com, .edu, and .org - believes in the future of alternative registries. "We think that's a tremendous opportunity to develop TLDs. The question is whether it's stable and doesn't break the Internet," he said, noting that these registries haven't been able to get widespread deployment in any uniform way.

TLDs registered with AlterNIC and other registries of its ilk have never been popular due to their limited DNS resolution across the Net - you first had to reconfigure your name server to access these addresses. While such an "alterweb" opens a wide range of possibilities, it doesn't do anything for the general Net - and it could potentially slow things down.

But the general Net community, including HotWired, doesn't accept or acknowledge the AlterNIC, mostly because the use of such TLDs holds no meaning and poses a breach of netiquette.

Kashpureff, the renegade AlterNIC champion of alternative top-level domains, wants to have his own DNS system - one that could potentially net him a tidy sum - recognized. AlterNIC charges netizens US$50 to register a TLD and then $24 per year to hold on to it. Those who wish to administer an entire TLD must pony up $100 per month for the privilege.

The hack, which Kashpureff spent his Sunday afternoon devising, is believed by some to be a variant of a known DNS exploit that sends off a badly-formed response to a normal DNS request, but Kashpureff says that it's clean. Nonetheless, the hack could allow a malicious user to direct this badly-formed response to a name server without the owner's knowledge.

"We had just about given up on this particular tack when another hacker - who shall remain anonymous - gave me a small hint," he said. He then wrote the DNS spoof and the bot that triggers it, deploying it within three hours.

Kashpureff would not disclose the specifics of the hack. "It's all done with standard MIME code, right out of the box. The only thing the bot does is make a couple of interesting small queries on a public nameserver," he said.

To answer those queries, the nameserver has to reply to his servers. When it does, an extra record, known as an "A record," is sent to the victim's nameserver, and it now updates itself with information on how to connect to Kashpureff's domains.

The hack has met with opposition, even from those providing enhanced DNS. "It's a terrorist tactic," said Karl Denninger, who runs the eDNS registry. "It can't be used to actually solve the problem that he's trying to solve, so there's no point in doing it, other than as a publicity stunt. And that's all it is, and the result is that all he's done is force a bunch of people to upgrade their nameserver software to something that doesn't suffer from that bug.

"Basically, he mangled the DNS response, so anybody that queried his nameserver would get this cache pollution."

In effect, any user coming in contact with his network - even just by sending an email - would fall victim to the spoof. But Denninger says it doesn't scale: "If he could actually publish 200 TLDs through this mechanism it would be useful for him to try to bomb people with it, but the fact is, he can't. It's a very limited utility - you can only put a couple of A records in there, because that's all the space there is."
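The cache pollution described above works because the receiving nameserver caches records it never asked for. The following is an added example, not code from the article or from any nameserver project: a sketch of the bailiwick check a resolver can apply before caching a reply, assuming the resolver knows which zone it followed a delegation for. The RR class, the function names and the sample response are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str   # owner name
    rtype: str  # record type: "A", "NS", ...
    rdata: str  # address or target name

def norm(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is the zone apex or a subdomain of it."""
    n, z = norm(name), norm(zone)
    return z == "" or n == z or n.endswith("." + z)

def filter_response(qname, zone, answer, authority, additional):
    """Return (accepted, rejected) records for one response.

    zone is the zone the resolver followed a delegation for to reach this
    server; nothing outside it may enter the cache from this reply.
    """
    accepted, rejected = [], []
    for rr in answer:  # answers must be about the name asked (CNAME chains omitted)
        (accepted if norm(rr.name) == norm(qname) else rejected).append(rr)
    ns_targets = set()
    for rr in authority:  # NS records only for the server's own zone or below
        if rr.rtype == "NS" and in_bailiwick(rr.name, zone):
            accepted.append(rr)
            ns_targets.add(norm(rr.rdata))
        else:
            rejected.append(rr)
    for rr in additional:  # glue only: address of an accepted NS, inside the zone
        ok = (rr.rtype == "A" and norm(rr.name) in ns_targets
              and in_bailiwick(rr.name, zone))
        (accepted if ok else rejected).append(rr)
    return accepted, rejected

def demo():
    """Constructed response: one legitimate glue record, one unsolicited A record."""
    return filter_response(
        qname="www.example.net", zone="example.net",
        answer=[RR("www.example.net.", "A", "192.0.2.10")],
        authority=[RR("example.net.", "NS", "ns1.example.net.")],
        additional=[RR("ns1.example.net.", "A", "192.0.2.53"),
                    RR("www.example.org.", "A", "203.0.113.66")],  # out of bailiwick
    )

if __name__ == "__main__":
    ok, dropped = demo()
    print("cached:", ok)
    print("dropped:", dropped)
```

A resolver applying this rule still caches the answer and the in-zone glue, while the extra A record for a name outside the queried zone is discarded instead of overwriting what the cache holds.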

Denninger also questions the claim that 90 percent of the Net can resolve his DNS. Making this claim, he said, will lead more people to respond to Kashpureff and try it. This, in turn, will create the penetration that wasn't there to begin with.

But Kashpureff sees no harm in his work, and he says efforts to stymie the use of the hack - even the warnings that DNS operators have posted to mailing lists - won't do enough to stop it. "They can't get them out widely enough," he said. "Mom-and-Pop ISPs just don't give a damn. And when they do figure out what's going on, they're probably gonna go, 'Wow - cool, man!'"

And getting the AlterNIC DNS to resolve everywhere isn't Kashpureff's only goal - he wants to see the Net's namespace widened to accommodate everyone. "I advocate that whether people use InterNIC name service, or whether they use my name service or eDNS, they prime the root zone for themselves," he said, meaning that a user should have a local copy of the file that contains the authoritative list of all the name servers in the world for each TLD, from .au to .za.

Then, lookups to any root server could be avoided. "Their system is no longer dependent on anyone else's root nameserver network - they run the root zone truly for themselves," he said.