- Impact
- 23,244
Risky BIZness: Risks Derived from Registrar Name Management
Gautam Akiwate, Stefan Savage, Geoffrey M. Voelker, KC Claffy
November, 2021
ABSTRACT
In this paper, we explore a domain hijacking vulnerability that is an accidental byproduct of undocumented operational practices between domain registrars and registries. We show how over the last nine years over 512K domains have been implicitly exposed to the risk of hijacking, affecting names in most popular TLDs (including .com and .net) as well as legacy TLDs with tight registration control (such as .edu and .gov). Moreover, we show that this weakness has been actively exploited by multiple parties who, over the years, have assumed control over 163K domains without having any ownership interest in those names. In addition to characterizing the nature and size of this problem, we also report on the efficacy of the remediation in response to our outreach with registrars.
Read more (PDF):
https://www.caida.org/catalog/papers/2021_risky_bizness/risky_bizness.pdf
ACM Reference Format: Gautam Akiwate, Stefan Savage, Geoffrey M. Voelker, and KC Claffy. 2021. Risky BIZness: Risks Derived from Registrar Name Management. In ACM Internet Measurement Conference (IMC ’21), November 2–4, 2021, Virtual Event, USA. ACM, New York, NY, USA, 14 pages. https://doi.org/10.1145/3487552.3487816
Gautam Akiwate, Stefan Savage, Geoffrey M. Voelker, KC Claffy
November, 2021
ABSTRACT
In this paper, we explore a domain hijacking vulnerability that is an accidental byproduct of undocumented operational practices between domain registrars and registries. We show how over the last nine years over 512K domains have been implicitly exposed to the risk of hijacking, affecting names in most popular TLDs (including .com and .net) as well as legacy TLDs with tight registration control (such as .edu and .gov). Moreover, we show that this weakness has been actively exploited by multiple parties who, over the years, have assumed control over 163K domains without having any ownership interest in those names. In addition to characterizing the nature and size of this problem, we also report on the efficacy of the remediation in response to our outreach with registrars.
Read more (PDF):
https://www.caida.org/catalog/papers/2021_risky_bizness/risky_bizness.pdf
ACM Reference Format: Gautam Akiwate, Stefan Savage, Geoffrey M. Voelker, and KC Claffy. 2021. Risky BIZness: Risks Derived from Registrar Name Management. In ACM Internet Measurement Conference (IMC ’21), November 2–4, 2021, Virtual Event, USA. ACM, New York, NY, USA, 14 pages. https://doi.org/10.1145/3487552.3487816
Last edited:
