Unpacking .zip: A First Look at Domain and File Name Confusion

TL;DR

This paper investigates the overlap between DNS and filename namespaces, highlighting potential security issues through empirical case studies and offering guidance for future research.

Contribution

It provides the first enumeration of DNS/filename confusion abuse and empirical analysis of its presence across various software systems.

Findings

Identified suspected DNS/filename confusion in multiple software applications.

Highlighted potential security concerns stemming from namespace overlaps.

Offered preliminary guidance for future research on DNS and filename confusion.

Abstract

The namespace for filenames and DNS names has overlapped since the introduction of DNS in 1985: \texttt{.com} was the original binary format used for DOS and CP/M systems. Recently the introduction of gTLDs such as \texttt{.zip} and \texttt{.mov}, coupled with the growing prevalence of web resources, has ignited new concerns about potential issues related to DNS and filename confusion. Thus far, the discourse on DNS/filename confusion has been piecemeal and hypothetical, making it unclear what, if any, security concerns credibly exist. To address this gap, we provide the first enumeration of how DNS/filename confusion can be abused. We then perform the first empirical case studies of DNS/filename confusion in the wild, which highlights suspected confusion across a wide range of software. Finally, based on our preliminary findings, we provide suggestions and guidance for future research on this topic.