Forgot your password?
typodupeerror
Security

Register your own .mil Domain 334

Posted by CmdrTaco
from the someone-should-register-paper.mil dept.
JWSmythe writes " As reported in This Story at theregister.co.uk ,and on dailyrotten.com, it seems the US Department of Defense has dropped the ball. Not only can you register a .mil domain, but you can find "secret" domains that aren't publically known (the gov't uses security through obscurity?). I'm looking forward to hacker.mil, warez.mil, and porn.mil."
This discussion has been archived. No new comments can be posted.

Register your own .mil Domain

Comments Filter:
  • by Motherfucking Shit (636021) on Sunday January 26, 2003 @11:46AM (#5161803) Journal
    http://www.nic.mil/dodnic [nic.mil]. No, I didn't go poking around. If you've got bigger balls than I, perhaps you can link to the supposed admin area...
  • Re:hard to believe (Score:2, Informative)

    by thac0 (644918) on Sunday January 26, 2003 @11:53AM (#5161850)
    Maybe the air force does make it difficult. I've certainly seen some pretty tight networks myself, but that doesn't mean that everything is. And the subject in question is actually kind of a fringe subject that one might believe to be missed in security sweeps and such.
  • Aaahh (Score:5, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @11:55AM (#5161859)
    I found this [nic.mil] without having to click on this [nic.mil]
  • by vericgar (627150) on Sunday January 26, 2003 @12:00PM (#5161879) Homepage
    http://www.google.com/webmasters/3.html#B2 Google has in place functionality to not cache a page, and has had this for a long time. The fault here is with the DoD. They need to learn some security.
  • here it is... (Score:5, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @12:01PM (#5161883)
    link [disa.mil]
  • Re:Aaahh (Score:5, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @12:05PM (#5161901)
    And this [nic.mil] is the domain registration link.

    Won't work without a .mil email address, though.

  • Re:Aaahh (Score:5, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @12:08PM (#5161924)
    This [nic.mil] too, for reserving your very own netblock.
  • Re:Aaahh (Score:5, Informative)

    by Big Mark (575945) on Sunday January 26, 2003 @12:10PM (#5161928)
    From the ftp link they gave. You need this info to register:
    H2B. Sponsoring Agency..........:

    Indicate the Service, Unified or Specified Command, DoD operating
    Agency, or non-DoD Agency of the US government that you are affiliated
    with. (for a valid list of agencies, please refer to the
    service-agencies.txt located in the netinfo directory).

    Example: AF
    Ah. So you can't get one if you're not a serviceman. No story, methinks.

    -Mark
  • by Anonymous Coward on Sunday January 26, 2003 @12:13PM (#5161943)
    http://www.nic.mil/visitors.txt and http://www.nic.mil/help
  • Re:2600 contest? (Score:3, Informative)

    by neurostar (578917) <neurostar@p r i v on.com> on Sunday January 26, 2003 @12:20PM (#5161980)

    Doesn't (didn't) 2600 have a contest like this? The first person to manage to get a .mil domain gets a free subscription, or something like that?

    Their contest says that if you resgister 2600.mil (or any 2600.something) and point it to their website, you get a free lifetime subscription. (I think it's any TLD)

    neurostar
  • Re:Aaahh (Score:5, Informative)

    by xintegerx (557455) on Sunday January 26, 2003 @12:20PM (#5161984) Homepage
    Wow, I didn't believe it was there!

    I found references to http://www.nic.mil/cgi-bin/whois on google. I was debating on trying /admin and etc instead, but didn't :)

    Instead, I searched for

    admin http://www.nic.mil

    on Google, to verify the news. I ended up clicking on a web site that shows beginning web masters useful resources.

    From there, I went to the site one level above, and from there clicked a link to view a document about standard run of the mill no big whoop procedures about webmastering (pretty useful if you want to be a contractor or write software and have it comply, I assume.)

    BTW the security notice on this document is a link to army.mil's privacy policy, which says:

    Information presented on Army Home Page is considered public information and may be distributed or copied unless otherwise specified. Use of appropriate byline/photo/image credits is requested.

    Anyway, on this document I was just describing, click the second link to the defenselink webmasters area.

    There (which is also public according to their stated policy) you can click on "Domain Registration in the .mil domain" and see this
    http://www.nic.mil/ftp/mgt/bul-9605.txt [nic.mil]

    These are just public info resources. army.mil's security policy says if you try to upload or change stuff, that's what they care about.
  • Re:2600 contest? (Score:5, Informative)

    by weave (48069) on Sunday January 26, 2003 @12:21PM (#5161989) Journal
    2600 would be all into finding out how to do it and telling the world about it, but not going ahead and actually doing it. I've never seen them advocate breaking into systems, just how in can be done. If you read the letters to the editor in the mag and their responses to people who want to do malicious cracking, you'll see they stomp em pretty hard for being stupid.

    Besides that, the military might have an incompetent admin that exposes something stupid like that, but I for one wouldn't want to try my luck at exploiting it. I think you'd face better odds for survival as a black man spitting on an LAPD officer in a remote area away from public view.

  • Address (Score:5, Informative)

    by AirLace (86148) on Sunday January 26, 2003 @12:38PM (#5162092)
    The URL is http://sites.defenselink.mil/

    It hasn't been possible to add new domains or run queries since Friday, so don't even bother.
  • by Q Who (588741) on Sunday January 26, 2003 @12:41PM (#5162112)

    I did the process at the .mil NIC site [nic.mil].

    After you fill all the forms, there's:

    PAY ATTENTION!

    This online program makes no changes to the WHOIS database.

    The scope of this online program is to send the template to the e-mail address entered in the field below.

    Once you receive the completed template, you must forward it to the appropriate point of contact for action.

    The NIC will not process any templates until it receives this template (by email) from the domain administrator or service PMO.

    So you are essentially filling a template, which you can do by hand as well, following the instructions here [nic.mil].

    It lets you retrieve POC by a handle though. I don't know the access level of this information in USA, but this is quite odd, since it seems that the handles are assigned by initials, and are of progressively increasing length.

    I also wonder where does this interface gets that data from... There's a DB somewhere, and it can be probably hacked via this interface.

  • Re:Aaahh (Score:3, Informative)

    by ShdwFear (221860) on Sunday January 26, 2003 @12:56PM (#5162185)
    http://nic.mil/cgi-bin/cs
    http://nic.mil/cgi-bin/ domain
    http://nic.mil/cgi-bin/ip-num
    http://nic. mil/cgi-bin/occ
    http://nic.mil/cgi-bin/asn
    http: //nic.mil/cgi-bin/xtac
    http://nic.mil/cgi-bin/rou ter
    http://nic.mil/cgi-bin/host

    other toys
    http://frwebgate.access.gpo.gov/cgi-bin/usef tp.cgi ?IPaddress=162.140.64.88&filename=he99027.txt&dire ctory=/diskb/wais/data/gao

    http://boulder.noaa.gov/noc/nhcexit.txt

  • Re:Of course... (Score:3, Informative)

    by killthiskid (197397) on Sunday January 26, 2003 @01:05PM (#5162230) Homepage Journal

    Don't get to excited:

    Also Important!

    In order to use this online registration utility, you MUST have a WORKING e-mail address located on the NIPRNET.

    If you do not have an e-mail address, you should use the plain-text templates available by FTP

    Of course, not wanting to be labelled a combatent, that's as far as I went.

  • Re:Aaahh (Score:2, Informative)

    by j3ss (632376) on Sunday January 26, 2003 @01:09PM (#5162247) Homepage
    The people who run Anonymizer will give up their logs to any law enforcement agency if asked to do so. Anonymizer is good for hiding your tracks from other netizens but I wouldn't trust it for anything illegal.
  • Re:NIPR.MIL (Score:1, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @01:16PM (#5162293)
    NIPR just stands for "Non-classified Internet Protocol Router"... usually used as "NIPRNet". Basically the name for DoD's slice of the internet.
    Not to be confused with "SIPRNet", which is the secure side, which isn't even connected to the regular internet. It's called "air gap".

    DISA reverses much of it's IP space to the NIPR.MIL domain. So basically you had a DoD visitor to your web site... since there are hundreds of thousands of DoD NIPRNet users, that's not to suprising.
  • by Animats (122034) on Sunday January 26, 2003 @01:43PM (#5162426) Homepage
    That's exactly the process used in the early days of the Internet, when, to register a domain, you emailed a similar template to somebody at SRI International, which ran the Network Information Center. Then you waited for a week or so for the domain to show up in the HOSTS.TXT file on the FTP server, and months for enough hosts to download it that anyone could reach you. MILNET ran the same way, but somebody at Defense Communications Agency processed the requests for the ".MIL" domain.

    Once DNS came in (yes, there was an Internet before DNS), delegation started working. Early thinking was that you'd have one second-level domain for each large organization, which would then manage its own third-level namespace. MILNET still works that way. Since the military is very hierarchical, the organizational structure matches the DNS hierarchy.

    Historically, there weren't many top-level .MIL updates. Most changes were further down in the hierarchy. If the NIC for MILNET is still using that template, it's probably still that way.

  • Re:Address (Score:1, Informative)

    by Anonymous Coward on Sunday January 26, 2003 @03:29PM (#5163019)
    The above comment is the only correct one I've seen so far. nic.mil is obviously a standard mail form template, and submissions are reviewed by a human. sites.defenselink.com on the other hand, is a custom app to manage the domains. It also fits the description of adding a new user without authenticating, as described in the story.

    http://sites.defenselink.mil/ [google.com]
    http://sites.defenselink.mil/servlet/DataEntry [google.com]
    http://sites.defenselink.mil/servlet/DataEntry/add user [google.com]

    BTW, I found this independantly by searching for '"add user" site:.mil'.
  • Summary (Score:5, Informative)

    by JWSmythe (446288) <jwsmytheNO@SPAMjwsmythe.com> on Sunday January 26, 2003 @05:08PM (#5163459) Homepage Journal

    Here's a summary of the proposed domains. :)

    If you want to know who submitted it, read through the comments again.

    Enjoy!

    Al-Queda.mil
    runofthe.mil
    General.mil (cereal)
    Cara.mil (caramel)
    Rumor.mil (which would be slashdot.org.. hehe)
    rastafarian.mil
    peace.mil
    Piece.mil ("as I find well toned and armed women hot")
    starfleet.mil
    diploma.mil
    peace.in.our.ti me.mil
    gin.mil
    pointlessdeath.mil
    2600.mil
    Nat aliePortman.mil
    runofthe.mil
    slashdot.mil
    allyo urbase.mil
    IN-SOVIET-RUSSIA-we-practice-better-in ternet-secur ity-than-lazy-capitalist-pigs.mil
    in.soviet.russi a.mil.registers.you.mil
    slashdot.mil
    kevinmitnic k.mil
    2600.mil
    fuckedcompany.mil
    bushisanidiot. mil
    ashcroftisan ass.mil
    sgc.mil
    weoverthrewiran.mil
    weoverthrew guatemala.mil
    weassinatevietnamese.mil
    wekillciv iliansinasia.mil
    wesupportcoupinchile.mi
    wesuppo rtmilitartyinemsavabor.mil
    wetrainedosama.mil
    we supportcontras.mil
    wegavesaddammoney.mil
    wegavei raqweapons.mil
    weoverthrewpanama.mil
    webombaspir infactories.mil
    "noches.mil" (Thousand nigths)
    "dos.mil" (Two thousand)
    blackop.mil
    pepper.mil
    paper.mil
    dar k.satanic.mil
    deathstar.mil (for dvader@deathstar.mil)
    milf.mil
    Wind.mil
    honeypo t.mil
  • by toker95 (645026) <jbtokash@@@earthlink...net> on Sunday January 26, 2003 @10:49PM (#5164863)
    For those who REALLY want a .MIL domain name... Having spent a good deal of time in the US Navy dealing with the fun of keeping seperated, classified and unclassified networks, I can tell you exactly how much of a threat this problem is, to national security.. None. At the very worst, as pointed out in earlier posts... slashdotting a public domain .mil site (like http://chinfo.navy.mil/) would only serve to seriously tick off servicemembers family's, and the average run of the mill PR guys for the navy. Classified servers, sites, and networks are encrypted before they ever touch the same cables as the internet. In many cases, they never DO touch the same cables, but.. Yes, alot of that -classified- traffic passes over the same lines as your average slashdot post, BUT... its highly encrypted before it ever gets there (encryption level and equipment obviously varied by classification level, some data doesn't even get to TOUCH a networked computer). As well, a LARGE portion of the .mil domain's are setup to ONLY see traffic from another authorized .mil network (usually managed by IP address's). If your .mil network needs access to see my network, as well as getting the usual userids and passwords, my net admins need to talk to yours, and put your 1.2.3.xxx address into our firewall. So, the threat here? The threat is really only to the fact that its completely possible to now have a bazillion "yourname.yourwebsite.mil" websites running around... And this wouldn't HURT anything persay, because most .mil websites are acronyms like "subhqnorva.navy.mil" (for Submarine Squadron Headquarters Norfolk Virginia). US Military bungle? Yes National Security Threat? Minimal... Do you really want a .mil domain? Gee, only if you want to cause unnecessary trouble for a government trying to prepare for war...

Real Users find the one combination of bizarre input values that shuts down the system for days.

Working...