Clever Hacks: DNS Tricks
Tune in to the net's untapped power
New Scientist vol 183 issue 2458, 1 July 2004, page 22
Tinker with the internet's phone book and you can create a radio station or track down long-lost friends.
By day Dan Kaminsky works as an ordinary computer security consultant for a big IT firm. But he's got a dark side.
This weekend he's on stage at the DefCon hacker conference in Las Vegas, Nevada. His latest trick is turning the internet's domain name server (DNS) system - designed to translate domain names to machine-readable codes - into an internet radio station (see "Radio mischief") or a peer-to-peer network. He is even showing how DNS can be used to bypass firewalls to hack into supposedly secure networks.
Kaminsky isn't the only one fiddling with the DNS system. Telephone companies and even retailers are looking at ways of persuading the mundane DNS protocol to perform tricks that could save them billions by reusing the existing system for new purposes.
This desire to augment DNS isn't hard to understand. "Every computer on the planet knows how to access DNS servers," says Paul Mockapetris, co-inventor of DNS. That means instant access to 2 billion computers that make up the internet.
But how do you twist such a system into indexing a whole new range of data? Mockapetris built into the design of DNS the ability to return strings of text that can represent a type of simple programming command - called a "regular expression" in programming jargon. Now the Internet Engineering Task Force, the international organisation responsible for developing the internet, has used this quirk to turn DNS into a general directory service, called ENUM.
Here's how it works. To turn your telephone number, say +1 408 555 1234, into a domain name you reverse it, sprinkle dots between the digits and add the special domain e164.arpa, to get: 184.108.40.206.220.127.116.11.0.4.1.e164.arpa
Looking this up on the DNS system will return, instead of a usual IP address, a regular expression. Applying this regular expression to the original phone number then converts it into a URL. For example, when applied to "+14085551234" it might convert the number into "mailto:donewscientist.com": the regular expression generates the "do" from the phone number, and provides the rest of the URL itself. In this way, every phone number can be linked to its own email address, so if your phone is engaged a computer can automatically copy your voice mail to your email, or try to locate you via an instant messenger service instead.