Fun story. Back in day when bitflip domain research was released, I immediately offered it as a service to our customers. Register all available likely typos and bitflips. Computers flip dns lookip bits /surprisingly/ often. Run email, web, and other collectors. See what you get. We got so much legit data. The real good was owning those domains, but it was amazing to see how much compromising and sensitive data we collected for customers over the years. Widespread TLS helps, but it turns out they just want valid TLS… so for some of the hottest domains we would get certs for email, etc. fun stuff. You can still do this today, especially for newer companies.
> Computers flip dns lookip bits /surprisingly/ often.
Thought 1: is this because of the source/destination computer; or is this because network middleboxes, as embedded devices, are budget-optimized, and so are maybe running their CPUs at funny voltages, with low-quality RAM, etc; and DNS, as a UDP protocol, does little to prevent packets from mutating on the wire?
Thought 2: Presumably this would imply that DNS results would get bit-flipped just as often as DNS queries, no? So you'd just as often be receiving A records for bit-flipped IPs. Which you can't really do much about.
The requesting computer has a bit flip and requests the wrong domain. It even is not stopped by HTTPS depending on where the bit flip happens and how the software is written.
Is there any data to support the hypothesis that this happens often? I've never experienced it without being a human typo. I find it hard to believe in this day and age we have a single service that has high error rates no one notices.
There are plenty of substitutions that are plausible as a bit-flip but much less plausible as a human typo. For a popular service or large company, the percentage of such errors can be very small while still resulting in a high absolute number of misdirected e-mails.
My own anecdotal experience. The talk. We essentially registered some popular domain bitflips, set up some honeypot style collectors and listened. Saw way more traffic than we expected and decided it was worth offering to customers ad a proof of concept, some stuck with it for some time. Now there is a cottage industry around “domain protection” and really all you have to do register your bitflip and typo domains if you are a big company or service provider where this matters. But it was fin demonstrating the why to them :)
