This chapter covers DNS and other similar namespace hijacking attacks. DNS attacks are the most popular type of namespace attack, but this chapter covers multiple types of namespaces used by the Internet, some of which not all readers may be aware of. But each may be involved as a dependency in an MFA solution and can be hacked and abused.

Introduction

As discussed in Chapter 5, “Hacking MFA in General,” most underlying MFA solutions rely on a digitally represented namespace of some sort, most often Domain Name System (DNS). There isn't a conclusive definition of namespace, but it can be most commonly thought of as a way of naming, locating, storing, and categorizing objects within a shared system. The governing domain of a namespace can be something used only locally on a single device where it is located; used between multiple, remote participating entities who agree to use it (like Extensible Markup Language [XML]); or used globally throughout the world. Namespaces govern the very small, such as the natural taxonomy (kingdom, phylum, class, order, etc.) to classify microorganisms, like bacteria, to almost unfathomably large celestial objects, like galaxies and star nebulas (named and classified by various space-related organizations such as the International Astronomical Union). Namespaces give participants an easier and agreed upon way to name, classify, store, and locate objects.

Our home mailing addresses are a sort of namespace. You can point to any ...