Similar Hostnames

Typographical errors are common when using a keyboard, so users often enter the wrong hostname. Attackers can use this knowledge to hijack connections. For example, a user who wants to connect to Bank of America (bankofamerica.com) may accidentally enter bonkofamerica.com. If an attacker owns the similar hostname, then they can impersonate the actual site and attack the user's connection. In December 2003, over 30 variations of bankofamerica.com were registered over a 4-day period. Each variation represents a common typographical error. Some of these domains, such as bankofajerica.com, were used for fraud and shut down. (bankofajerica.com was re-registered 1 year later.)

Automatic Name Completion

Many Web browsers support automatic name completion. Rather than typing in the TLD (e.g., .com), users can just enter the middle of the hostname. Automatic name completion appends a series of TLD suffixes until the hostname is found. Usually .com is tried first. If a Web site does not end with a .com, then an attacker can effectively hijack the domain by registering the .com name.

One of the most widely known examples of name completion hijacking is whitehouse.com. In 1997, Dan Parisi registered the domain and set up a pornographic Web site [Pelline1997]. The President of the United States uses the hostname whitehouse.gov. Users who entered whitehouse in their Web browsers had auto-completion take them to a porn site rather than the President's Web site. Although this Web site is no longer hosting pornography [Rosen2004], it clearly demonstrated the power of hijacking through automatic name completion.
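A defender can watch for both problems described above (a hostname one typo away from the real one, and the same name under a different TLD) in DNS or proxy logs. The following Python is an added example, not from the original text; the function names, the one-typo threshold and the sample hostnames are assumptions, and it assumes single-label TLDs such as .com and .gov.

```python
# Added example: triage observed hostnames against protected domains.
PROTECTED = ["bankofamerica.com", "whitehouse.gov"]  # the two sites named in the text

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two swapped neighbouring letters count as a single typo.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def split_host(host):
    """Return (label, tld) of the registrable name; assumes a single-label TLD."""
    parts = host.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")

def classify(host, protected=PROTECTED, max_typos=1):
    """Label a hostname as legitimate, tld-swap, typo or unrelated."""
    label, tld = split_host(host)
    for good in protected:
        g_label, g_tld = split_host(good)
        if (label, tld) == (g_label, g_tld):
            return ("legitimate", good)
        if label == g_label:
            # Same name, other TLD: what automatic name completion may reach first.
            return ("tld-swap", good)
        if 0 < osa_distance(label, g_label) <= max_typos:
            return ("typo", good)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample of hostnames, such as might appear in DNS or proxy logs.
    for h in ["www.bankofamerica.com", "bonkofamerica.com", "bankofajerica.com",
              "whitehouse.com", "whitehouse.gov", "example.org"]:
        print(f"{h:24} {classify(h)}")
```

Hosts labelled `typo` or `tld-swap` are candidates for review, not proof of fraud; a domain owner may hold some of these names defensively.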

Social Engineering

Social engineering is a term used to describe sociological persuasion. Rather than using computers and scripts to compromise a system, a social engineer uses disguise and con-artist techniques. They may use emails or telephone calls to convey authority and acquire the information that they desire.

Domain names are registered through a limited number of name registrars. If the registrar can be convinced that a user is an authoritative owner of a domain, the domain's information can be modified or transferred.
