If it looks like a duck, and quacks like a duck, then it must be a duck…unless it’s a PITMA.

I had the opportunity (and pleasure) to attend a Roundtable Discussion this morning with some of the most well known Domain Name System (DNS) Experts in the world, including Dr. Paul Mockapetris  (inventor of DNS), Cricket Liu (author of many DNS books, including DNS and BIND.), Paul Vixie and Paul Parisi.

One of the major topics discussed in that meeting was Provider-in-the-Middle Attacks (PITMA) – For those of you who do not understand what a PITMA is take a look at this scenario:

You happen to be traveling abroad and are staying at a hotel which offers Internet service to it's guests (Wired or Wireless it doesn't matter.)  You open up your laptop, open up your browser and type in an address of a web site you just saw on television (what you don't realize at the time is that you have entered the address wrong); however instead of getting the standard “Page Cannot Be Found” browser message you get an advertisement from the hotel or the hotel's ISP.  You think to yourself damn, that's misleading and you blame the hotel.  However what you don't know is that it's not the hotel's fault.  You have just been a victim of a PITMA.

Instead of the hotel ISP's DNS Server telling your browser that you have reached a page that is not in it's database, it was programmed to redirect you to the advertisement page, this is known as NX Domain Redirecting/Re-Mapping and it is not only becoming a real PITA (‘M' purposely left out) but it's also a major security issue and one that needs to be addressed ASAP.

To learn more about PITMA's and how they could affect you, take a look at this article by Dan Kaminiski, director of penetration testing for IOActive.

‘Provider-in-the-Middle Attacks' Put Major Websites, Users at Risk – Desktop Security News Analysis – Dark Reading

If you want to learn more about DNS and DNS Programming the best place to learn, without a doubt is from Scott Perry and his crew over at DNSStuff.com.


Bookmark the permalink.

About jim®

James A. Restucci is the author of this blog. This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 Internal License.

One Response to If it looks like a duck, and quacks like a duck, then it must be a duck…unless it’s a PITMA.

  1. jimr says:

    Here is a link to the PODCAST of the Roundtable Discussion if you want to listen to it first hand.