Re: [Full-Disclosure] Re: rfc1918 space dns requests

Valdis.Kletnieks_at_vt.edu
Date: 03/16/04

  • Next message: Geoincidents: "Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?" 
    To: martin f krafft <madduck@madduck.net>
Date: Tue, 16 Mar 2004 16:15:27 -0500

    On Tue, 16 Mar 2004 20:44:56 +0100, martin f krafft <madduck@madduck.net> said:

    > also sprach Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> [2004.03.16.1=
    > 812 +0100]:
    > > 2) We've got applications making DNS requests that get forwarded
    > > out to the ISP's servers, where they will almost certainly result
    > > in either an error reply or a timeout Find ways to use this to
    > > your advantage.
    >
    > I would be interested in how you do that.

    The obvious is that the usual DNS spoofing hacks often only have a
    few milliseconds for you to stick in a bogus packet before the real DNS
    answers - here you have entire seconds to play with.

    > For ease of maintenance, I have my primary DNS respond with RFC 1918
    > addresses for my internal machines. That is, my internal machines
    > are resolved by a primary DNS server out there on the 'Net, e.g.
    > sky.madduck.net. I fail to see how this can be a security problem.

    I know you well enough to know that you almost certainly Got It Right.

    > I agree that RFC 1918 slipping out by accident could be an
    > indication of problems in the network, drawing hackers attention
    > rightfully so.

    For every one of you, there's probably hundreds of these Getting It Wrong.

    Bet there's a bunch over at the Dept of the Interior. :)

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Geoincidents: "Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?"