Hack puts AOL off limits By Janet Kornblum Staff Writer, CNET News.com October 16, 1998, 2:40 p.m. PT URL: http://www.news.com/News/Item/0,4,27655,00.html Internet users trying to send email to America Online users or get to the online giant's site have been plagued by problems due to a major glitch with the Internet's domain naming system. As reported earlier, instead of being routed directly to AOL, some users from the Net trying to send email to the company's 13 million members or trying to get to the company's portal were instead redirected to the servers of a company called Autonet.net, AOL spokeswoman Ann Brackbill has confirmed. The problem was caused when someone forged an email message to the InterNIC, run by Network Solutions, requesting that Network Solutions change AOL's designated name server. AOL had designated the lowest security clearance for changing its InterNIC records, which made it easier for a hacker to wreak havoc. The records were altered for several hours and have now been fixed. Because different ISPs update their name server records at different times, it is not clear how widespread the problem was. But systems administrators began noticing bounced email messages and problems resolving requests to get to the AOL site mid-morning. When Net surfers try to reach an address on the Net, they type it in their Web browsers or in an email message. In order to reach their destinations, the names are routed through the Net and sent to the domain name server. If the server is wrong, the surfer will not reach the proper destination and neither will his or her email. Most Internet access providers cache their domain name server records, so not everyone on the Internet would have instantly known there was a problem. There also may be continuing problems throughout the day due to caching and latency. A spokesperson for Autonet.net could not be reached for comment. NSI changes between 10 and 15,000 records every day, said Christopher Clough, a spokesman for NSI. Some are done automatically; others are done by people. Records requests are handled according to the security options designated by the registrar, Clough said. AOL had chosen the least secure option--which is also the default--in which the registrant states that Network Solutions is authorized to change the registration with a simple email message from the correct person. The most secure option requires the requesting party to use key encryption. It is fairly rudimentary to forge an email address. As a result, Network Solutions changed the records between 11 p.m. and 1 a.m. PT, Clough said. The InterNIC record was changed at 1:27 a.m. PT. The records were changed back to AOL's servers this afternoon, both Clough and Brackbill said. Brackbill said that AOL and Network Solutions have been working all morning to first correct the problem and then prevent it from reoccurring. It may take a while for systems throughout the Net to catch up with the corrected domain name server. "We've worked with them immediately to make sure this never happens again," Brackbill said. -o- Subscribe: mail majordomot_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:50 PDT