Forwarded From: phreakmoi <hackerelite@deathsdoor.com>
http://www.wired.com/news/news/technology/story/15673.html
AOL: 'You've Got Weak Security!'
by Michael Stutz
3:50 p.m. 16.Oct.98.PDT
America Online's 13 million subscribers were unable to receive email or
request AOL Web pages Friday morning after a prankster redirected the
service's domain name address to a small company in Ann Arbor, Michigan.
"We identified the problem and we've fixed the routing problem," said AOL
spokeswoman Ann Brackbill. "Most of it is getting through now -- but there
may be still some delays because once you correct the address again, it
takes time to propagate itself through the Internet."
Brackbill said that AOL's address was "inadvertently" changed in the main
domain name server that routes mail from the Internet to AOL (AOL). This
was the result of a forged "modify domain" form that was emailed yesterday
to Network Solutions, stewards of the Internet's Network Information
Center and root servers. The form is normally used by network
administrators to inform Network Solutions (NSOL) of updates made to
servers, or mailing address, or contact information associated with their
domain name.
Last night, somebody emailed Network Solutions a forged template that was
made to appear as if it came from AOL. The form instructed Network
Solutions to change the domain record in their "root servers" from aol.com
to Autonet. The changes were made Friday at 4:30 a.m. EST and reflected
in Network Solutions root servers, which in turn sent the new address out
to other domain-name servers across the Internet.
It took several hours to fix. Meanwhile, all email and all attempts to access
aol.com were bounced to autonet.net. By Friday afternoon, the situation
was under control, a Network Solutions spokesman said.
Normally, update forms must be approved by an official from the affected
domain. AOL could also have opted for a secure, digitally signed version
of the form to prevent mischief.
"There are three levels of security, and AOL chose the default option,"
said AOL spokesman Christopher Clough.
In the meantime, network administrators for AOL and Autonet produced a
workaround hack where the Autonet name servers were temporarily designated
the "authoritative servers" for AOL. The admins set the machine to
redirect all requests back to the proper servers at AOL.
Other network administrators around the Net pitched in to help, making
temporary changes to their local networks so that their users could still
access AOL.
"We caught it here at work when customers began complaining that AOL was
unreachable and email was bouncing," said Jeff McAdams, network
administrator for IgLou Internet Services in Louisville, Kentucky. So did
Bryan Blank, a senior systems analyst for Discovernet.
"I set up my nameservers to tell my customers' computers and nameservers
that we are authoritative for aol.com, and included as much data as I could
from the aol.com zone in my nameservers.
"This is just an interim solution to keep mail and Web traffic flowing
between my network and AOL's," Blank said.
Brackbill said that while some action may be taken against the
perpetrator, the origin of the forged email has not been identified.
"All we wanted to do was fix it really quickly -- that's really been all
we've been concentrating on."
Received on Mon Oct 19 09:19:38 1998