
Bitsquatting by Drake Talley

Hosted By
Andrew L. and 3 others

Details

"Bitsquatting" refers to a strategy for DNS hijacking that leverages random bit errors that occur when setting or resolving domain names. The exploit is relatively simple to implement, but exploring its underlying motivations and possibility can help shed light on some of the basic components of DNS. I hope to describe the mechanics of bitsquatting, its potential mitigation, and the lessons about the workings of DNS I've gained while hacking on this project in Ruby.

I wrote a gem as a small toolkit for learning about bitsquatting. It consists of a utility that generates valid domain names differing by exactly one bit from a domain given as input, and a class that checks the availability of those domains so they can be registered defensively. Ruby offers decent DNS libraries, and its built-in bit operations fit both tasks well.

The talk will cover an overview of bitsquatting, the mechanics for generating candidate domains and verifying their availability, a description of how DNS queries must be handled in a non-standard fashion to effectively implement the exploit, and lastly my experiences writing my first gem.
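The candidate-generation step described above can be sketched as follows. This is an added example, not code from the gem or the talk; the method names and the choice to leave the TLD unmutated are assumptions made here.

```ruby
# Added example (not the gem's code): list hostnames exactly one bit away
# from a domain, as input for a defensive-registration review.
# Input is assumed to be an ASCII (or punycode) domain name.

# True when the byte is a lowercase letter, digit, or hyphen. Uppercase is
# rejected on purpose: flipping bit 5 of a letter only changes its case,
# and DNS treats that as the same name.
def label_byte?(byte)
  (97..122).cover?(byte) || (48..57).cover?(byte) || byte == 45
end

# Labels must be 1-63 bytes and must not begin or end with a hyphen.
def valid_hostname?(name)
  name.split('.', -1).all? do |label|
    label.length.between?(1, 63) && !label.start_with?('-') && !label.end_with?('-')
  end
end

# Assumption: only labels left of the TLD are mutated, because checking a
# mutated TLD needs the IANA root zone list, which is not embedded here.
def bitsquat_candidates(domain)
  original = domain.downcase
  limit = original.rindex('.') || original.bytesize
  candidates = []

  (0...limit).each do |index|
    byte = original.getbyte(index)
    next if byte == 46                  # leave '.' separators untouched

    8.times do |bit|
      flipped = byte ^ (1 << bit)       # XOR toggles exactly one bit
      next unless label_byte?(flipped)  # also drops a flip that yields '.'

      name = original.dup
      name.setbyte(index, flipped)
      candidates << name if valid_hostname?(name)
    end
  end

  candidates.uniq.sort
end

if __FILE__ == $PROGRAM_NAME
  puts bitsquat_candidates('example.com')   # constructed sample input
end
```

Each name returned is a candidate to check for availability and, where it matters, register or monitor.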

NYC.rb
Publicis
375 Hudson Street · New York, NY