Some of the new web addresses recently made available by the Internet Corporation for Assigned Names and Numbers (ICANN) may be creating a new security risk that could compromise private networks around the world, according to analysis conducted by OpenDNS.
OpenDNS offers a free domain name service for anyone accessing the Internet – taking the letters and words we type into our browser’s address bars and connecting them to the numeric IP addresses where the websites and other Internet services are hosted. That’s given it a unique insight into how the new generic top-level domains (gTLDs) introduced this year by ICANN have been used so far. Up until recently, gTLDs were limited to just a handful of domains signifying the end of a URL – like .com, .net, or .org for example. But last year ICANN began making available new gTLDs that include .meme, .guru, and even .wtf so far. The domains are operated by the winners of a lengthy auction process that ICANN conducted.
So far, concerns around the new gTLDs have mostly focused on whether the new URLs would result in a bonanza for cyber-squatters. Companies often have a tough time retrieving URLs registered by people solely for the purpose of reselling them later at a hefty price. With so many new URLs available, it might be tough for a business to stay on top of its digital brand.
But a new security risk discovered by OpenDNS is one that likely few have considered. Attackers could register public hostnames that match the names assigned to machines on private networks. For example, a person might set up a home network so one computer's address is bedroom.home.network instead of 188.8.131.522. But now that .network is an available domain in the public space, it's possible an attacker could register that address and point it at a malicious server.
According to OpenDNS, hundreds of thousands of misfired requests are already being sent to home.network as a result of home routers' Wi-Fi lookup queries. None of those queries are resolving right now, but an attacker could register an often-used name and start intercepting the queries at any time to execute a 'name collision' attack. (OpenDNS lists some examples of currently available domains that an attacker might find appealing, like localhost.home.network and windows.home.network.)
“This ‘leakage’ is happening all over the world,” writes Ping Yan in the OpenDNS blog post. “Based on a quick query of yet-to-be-public gTLDs on April 5, 2014 we discovered 1,808 unique hosts leaking gTLD hostnames.”
A world map provided by OpenDNS shows where computers are sending out these leaked requests intended for an internal connection.
Another chart provided shows the top 30 gTLDs ranked by the number of unique hostnames queried. With .network clearly being the biggest segment, it's clear the error identified by OpenDNS is happening at a significant scale. There are about 3000 hostnames being queried on .network.
ICANN has reserved a number of gTLDs in order to avoid problems like this. For example, .local and .localhost are among the reserved gTLDs that won't enter the public space. Others that might experience the same problem, such as .site and .home, aren't reserved, but also aren't yet in the public space.
There is a solution to the problem, OpenDNS points out. Home and office network managers can use an internal DNS resolver and declare internal servers as authoritative over public gTLDs.
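As an added example (not OpenDNS's code or analysis), the following Python script shows how a network manager could check which internal zones now collide with a delegated gTLD, count the queries that would leak from a resolver log, and emit the Unbound `local-zone` directives that make the internal resolver authoritative for those zones so the lookups are never forwarded. The TLD list, the internal zones and the log lines are all constructed stand-ins.

```python
"""Check internal DNS zones against delegated gTLDs and generate a local override.

Added example, not OpenDNS's code or analysis. Every list below is constructed:
DELEGATED_TLDS is a tiny stand-in for IANA's root zone list, and the log lines
mimic a forwarding resolver's query log.
"""
from collections import Counter

DELEGATED_TLDS = {"com", "net", "org", "network", "guru", "wtf", "meme"}
RESERVED_TLDS = {"local", "localhost"}           # ICANN-reserved, never delegated

# Zones this (hypothetical) network uses for internal hosts.
INTERNAL_ZONES = ["home.network", "office.local", "corp.site"]

# Constructed query log: "<client-ip> <qname>" per line.
SAMPLE_LOG = """\
192.168.1.10 bedroom.home.network
192.168.1.11 localhost.home.network
192.168.1.11 windows.home.network
192.168.1.12 nas.office.local
192.168.1.13 www.example.com
192.168.1.14 fileserver.corp.site
"""

def zone_risk(zone):
    """Classify an internal zone by whether its TLD exists in the public DNS."""
    tld = zone.lower().rstrip(".").rsplit(".", 1)[-1]
    if tld in RESERVED_TLDS:
        return "reserved"             # cannot be registered by anyone
    if tld in DELEGATED_TLDS:
        return "collision"            # a public registrant could answer for it
    return "not-yet-delegated"        # safe today, may collide if delegated later

def leaked_queries(log_text):
    """Count queries per internal zone that a public registrant would see if forwarded."""
    counts = Counter()
    for line in log_text.splitlines():
        _client, qname = line.split()
        for zone in INTERNAL_ZONES:
            if qname.lower().endswith("." + zone) and zone_risk(zone) == "collision":
                counts[zone] += 1
    return dict(counts)

def unbound_local_zones(zones):
    """unbound.conf lines that make the resolver authoritative for these zones:
    names are answered from local-data (or NXDOMAIN) and never forwarded upstream."""
    return [f'local-zone: "{z}." static' for z in sorted(zones)]

if __name__ == "__main__":
    leaked = leaked_queries(SAMPLE_LOG)
    for zone, n in leaked.items():
        print(f"{zone}: {n} leaked queries ({zone_risk(zone)})")
    print("\n".join(unbound_local_zones(leaked)))
```

Add a `local-data:` record for each real internal host under the static zone; anything else under it is then answered NXDOMAIN locally.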