Re: Because Re: Why?



In line

"N. Miller" <anonymous@xxxxxxxxxxxxxxxxx> wrote in message
news:jitzc2ekqrg2$.dlg@xxxxxxxxxxxxxxxxxxxx

Dave, this is pretty annoying; posting your reply *after* a sig separator,
which causes a proper news reader to trim the quote, instead of marking it
as a quote. In fact, your post makes it appear not to be your post at all.


Do I take it that by 'sig separator' you mean '--'?

I think you do - I started putting same in posts because I interpreted
advice from someone else as meaning that I should! There surely must be
some written guidelines somewhere on the whys and wherefores of posting
styles. I may have read same once, but the significance of the points
you have raised has never really registered. I am really sorry to have
annoyed you - it is not intentional.



On to business ...

Just a silly idea of mine in view of the fact that the authenticity of
the URL seemed questionable, viz:-

Reverse DNS authenticity: **** Could be forged: hostname ****
202-177-16-121.kdd.net.hk. does not exist

Perhaps you should ask Peter Foldes (who first posted the URL) what
might happen if someone were to visit that site.

Nothing. I've been there.


How can you be SO sure of that Norman?

Two phrases to be found in the Sophos article I posted today:
http://www.sophos.com/pressoffice/news/articles/2008/12/threat-report.html

"People need to wake up to the reality that the completely legitimate
website they are visiting could be harbouring a dangerous malware
infection planted by hackers." and .............

"Internet attacks are overwhelmingly orchestrated via networks of
innocent home computers that have - UNKNOWN TO THEIR OWNERS - been
commandeered by hackers."


The "could be forged: hostname does not exist" is not something Peter can
control; he does not own that IP address. It is a flaw in the way that
'kdd.net.hk' has set up their IP address host names, nothing more. I've
noticed that the APNIC ISPs tend to set up dynamic hosts in unusual, and
unexpected ways. I am not conversant in the requirements of the RFCs, but I
don't think an ISP is *required* to provide more than a generic
'in-addr.arpa' pointer for a dynamically assigned IP address, thus:

| 12/15/08 14:28:20 dig 202.177.16.121 @ 68.94.156.1
| Dig 121.16.177.202.in-addr.arpa@xxxxxxxxxxx ...
| Non-authoritative answer
| Recursive queries supported by this server
| Query for 121.16.177.202.in-addr.arpa type=255 class=1
| 121.16.177.202.in-addr.arpa PTR (Pointer) 202-177-16-121.kdd.net.hk

Now, see what you can make of these:

| 12/15/08 14:29:23 dns aosake.net
| Mail for aosake.net is handled by reki.aosake.net
| Canonical name: aosake.net
| Addresses:
| 68.126.43.169

That is a vanity domain, though I prefer to think of it as a "hobby" domain.
I pay to use it. But I don't own that IP address, and can't control the host
name assigned to it (the IP address is under the control of AT&T Internet
Services (ATTIS), who determine what host name will be used).

Then there is:

| 12/15/08 14:43:39 dns www1.aosake.net
| Mail for www1.aosake.net is handled by reki.aosake.net
| Canonical name: aosake.net
| Aliases:
| www1.aosake.net
| Addresses:
| 68.126.43.169

But, if you do a DNS lookup on the IP address, you won't get my host name,
you get:

| 12/15/08 14:29:36 Dns 68.126.43.169
| nslookup 68.126.43.169
| Canonical name: adsl-68-126-43-169.dsl.pltn13.pacbell.net
| Addresses:
| 68.126.43.169

Which, on reverse lookup yields:

| 12/15/08 14:29:43 Dns adsl-68-126-43-169.dsl.pltn13.pacbell.net
| Canonical name: adsl-68-126-43-169.dsl.pltn13.pacbell.net
| Addresses:
| 68.126.43.169

There is no "hanky panky" here. Because AT&T assigns my IP address
dynamically, and it will change whenever either AT&T, or I, make a change in
the PPP session, I use the services of "Dynamic DNS Network Services, LLC"
to keep the domain pointed at whatever IP address is assigned at any given
time. It is just one way to keep a web site on the Internet; maybe not the
best because malicious characters can do the same thing. But it would more
than double my monthly ISP bill (as compared with the low annual fee I pay
DynDNS) to have a static IP address from AT&T (but I would be able to get
AT&T to change the reverse name to match my domain record).

As far as companies which pay for static IP address assignment, and/or
blocks of IP addresses, and/or control their own DNS records: Even they can
be compromised by malicious actors, hijacking their domains, or hacking
their web sites with malicious intent.

The Internet infrastructure, as currently used, was designed when the
Internet was totally under the control of the U.S. Department of Defense,
and access was limited, and granted by administrators who jealously guarded
the gates, lest they lose their own government granted rights of access.
Security was built in to the method used to vet those requesting Internet
access; it was, basically, a "need to know" sort of thing.


This is all very interesting information, Norman, and I thank you yet
again for taking the time and trouble to help me learn.

I have been jousting with Peter Foldes both here and Annexcafe for over
two and a half years now. I think you are working on the premise that
he's one of the good guys. I believe that to be a *false* premise and I
do NOT trust him and/or his organisation.


Then along came Al Gore ...


Al Gore? .......... Say no more!

Dave
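
Added example, not part of either poster's message: a forward-confirmed reverse DNS check in Python that reproduces the "could be forged: hostname does not exist" verdict and the hosted-domain case from the lookups quoted above. The function names and the two lookup tables are assumptions constructed from the quoted output; by default the functions use the system resolver.

```python
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (A) lookup via the system resolver; empty set if none."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Does the PTR name of ip resolve forward to the same ip?"""
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    addrs = forward(name)
    if not addrs:
        # PTR exists but the name has no A record: "could be forged"
        return ("ptr-name-does-not-resolve", name)
    if ip not in addrs:
        return ("ptr-name-resolves-elsewhere", name)
    return ("confirmed", name)

def describe_site(domain, ptr=system_ptr, forward=system_forward):
    """Per address of domain: (FCrDNS status, PTR name, PTR under domain?)."""
    out = {}
    for ip in sorted(forward(domain)):
        status, name = fcrdns(ip, ptr, forward)
        under = bool(name) and (name == domain or name.endswith("." + domain))
        out[ip] = (status, name, under)
    return out

# Constructed tables holding only the records quoted in the thread.
PTR = {"202.177.16.121": "202-177-16-121.kdd.net.hk.",
       "68.126.43.169": "adsl-68-126-43-169.dsl.pltn13.pacbell.net"}
A = {"aosake.net": ["68.126.43.169"], "www1.aosake.net": ["68.126.43.169"],
     "adsl-68-126-43-169.dsl.pltn13.pacbell.net": ["68.126.43.169"]}
sample_ptr = PTR.get
def sample_forward(name): return set(A.get(name, ()))

if __name__ == "__main__":
    print(fcrdns("202.177.16.121", sample_ptr, sample_forward))
    print(describe_site("aosake.net", sample_ptr, sample_forward))
```

Both verdicts describe how the address owner maintains its reverse zone; neither result says anything about the content served from the address.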

