{"id":142,"date":"2008-08-18T12:38:28","date_gmt":"2008-08-18T19:38:28","guid":{"rendered":"http:\/\/192.168.1.5:8080\/?p=142"},"modified":"2021-02-16T13:11:05","modified_gmt":"2021-02-16T18:11:05","slug":"the-internet-is-broken","status":"publish","type":"post","link":"https:\/\/www.mindhacker.com\/2008\/08\/18\/the-internet-is-broken\/","title":{"rendered":"The internet is broken…"},"content":{"rendered":"

The internet is broken… So the internet as we know it is extremely broken.\u00a0 And for some reason no one seems to know about it.\u00a0 Except us g33ks who run it.\u00a0 Seriously it’s so broken, that it should be headlining on CNN.\u00a0 But nothing.<\/p>\n

A few months back we got notification from the US Govt that Dan Kaminsky had identified a major hole in the protocol spec for DNS.\u00a0 It had to do with DNS only using a very limited amount of source ports for sending out its requests.\u00a0 Along with this limited number of source ports it uses a 16 bit transaction ID on each of the packets.<\/p>\n

Kaminsky had identified that you could force a remote DNS server to do a query for 1.cian.ca, then 2.cian.ca then 3.cian.ca, etc.\u00a0 Then, while it’s waiting for the real cian.ca to respond, you flood it with a whole bunch of packets to that limited number of ports, each packet guessing the 16 bit transaction ID.\u00a0 Given the limitations DNS had before, you could have a 60% chance of getting it right considering how many packets you were sending.<\/p>\n

The real trick was to respond with the information telling it what 3.cian.ca was, but then adding (as in the DNS spec) “Additional Information” which had authoritative records for the NAMESERVERS for cian.ca.\u00a0 So even if your target had cached the nameservers for cian.ca already, you can re-point that domain to any IP you wish, for whatever target nameserver you wish.<\/p>\n

So think about targeting AOL customers.\u00a0 Then think about overwriting microsoft.com, or cnn.com, or how about royalbank.com.\u00a0 Now it’s getting scary.\u00a0 And up until we all patched, that really wouldn’t be very hard to do.<\/p>\n

So everyone patches.\u00a0 It’s the biggest co-ordinated upgrade in history.\u00a0 And we were all pretty quiet about it.<\/p>\n

Now what is happening is the source port is being randomized for queries.\u00a0 So now you have about 64 thousand ports to guess in addition to the 16 bit number.\u00a0 This is about 2 to the 27 ish possibilities.<\/p>\n

Dan Kaminsky has now also successfully demonstrated that with a Gig connection, and two attacking hosts, he can redirect nameservers within about 10 hours (instead of seconds) now.\u00a0 That’s only using 2 hosts.<\/p>\n

What would happen if you say…had a botnet of a couple million?\u00a0 Divide them up, assign a couple per port, and have them co-ordinate an attack on a nameserver?\u00a0 You could literally redirect at will.<\/p>\n

And I’m sure it’s being done right now.\u00a0 Think it will be a while before I log into paypal, ebay, gmail, banking…..oh shit….how the hell can I do that?!?!?<\/p>\n

Now…CNN, CBC, all you guys, WHERE THE FUCK IS THE NEWS ABOUT THIS?!?!?!?!?!?!?!<\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,8],"tags":[51,76,112,125],"yoast_head_json":{"title":"The internet is broken... - mindhacker","og_site_name":"mindhacker","author":"cian","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","author":{"name":"cian"},"headline":"The internet is broken…","keywords":["cnn","dns","hack","kaminsky"],"articleSection":["Business","Personal"],"inLanguage":"en-US"}]}}}