
Re: [ietf] DNS spoofing at captive portals

2010-09-24 16:17:38
IANAL but would think that such practice should expose the operator
of the server or proxy to civil and/or criminal action, both from the
operators of the zones whose RRs are being misrepresented, and from
the users whose applications are affected.

I'm not a lawyer either, but I at least know that fraud requires
intent.

If a naive user clicks on a link in spam, and the DNS cache intercepts
the request and returns a pointer to a warning page rather than a
Ukrainian malware site, that's not fraud, that's a service.  If you
claim otherwise, people will look at you quizzically, like you're
spouting nonsense, which under the circumstances would be
understandable.  It also reinforces the perception that the IETF is
out of touch and hasn't noticed that it's no longer 1990.

Any analysis of DNS spoofing needs to take into account intentions and
tradeoffs.  On networks of consumer PCs, intercepting requests for
malware sites is a 100% win.  I'm not thrilled about the practice of
replacing NXDOMAIN with the A record of a page of links to lexically
similar web sites, but the actual harm of doing that on consumer
networks (not networks with servers) is pretty hard to show.
Replacing a valid record that isn't a pointer to malware with another
is indeed bad, but I don't know anyone who does that.

R's,
John
