| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Aug 2004 19:22:43 +0100 From: john <john@...d-weed.com> To: bugtraq@...urityfocus.com Subject: Re: International DNS compromise? On Wed, 4 Aug 2004 22:11:01 -0700 (PDT) Zhen Shi <zhenshi99@...oo.com> wrote: > Dear all, > Recently I noticed something fishy in the DNS system > between US and China. > First, any IPs, dead or live, in China will respond > to your DNS query for some domains. For example > (screen shot with some clean-up and comments): > > C:\>nslookup > > > server 210.77.0.0 <=== pick a random IP in > China > Default Server: [210.77.0.0] > Address: 210.77.0.0 > > > www.rfa.org > Server: [210.77.0.0] > Address: 210.77.0.0 > > Non-authoritative answer: > Name: www.rfa.org > Address: 203.105.1.21 <=== you got response!!!! > > Second, every time the response is different: > > > www.rfa.org > Server: [210.77.0.0] > Address: 210.77.0.0 > > Non-authoritative answer: > Name: www.rfa.org > Address: 64.66.163.251 > <snip> It looks like it all works OK with most domain names. But rfa.org is the sort of site the Chinese would want to censor. Evidently this is part of their strategy for doing that. This has the side-effect that you could discover the list of sites being censored by systematically comparing DNS replies from a server in China with those from an uncompromised server. John
Powered by blists - more mailing lists