| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Aug 2004 10:49:39 -0700 (PDT) From: "Troy" <tjk@...oft.com> To: zhenshi99@...oo.com (Zhen Shi) Cc: bugtraq@...urityfocus.com Subject: Re: International DNS compromise? It's probably the ISP you are using. They are intercepting DNS requests and returning their own replies. It could be something malicious, but it could just as well be the ISP saving bandwidth by caching DNS queries. If they cache DNS queries they probably cache www queries as well. This is very common among ISPs outside the U.S., since traffic out of the country tends to be a lot more expensive than domestic traffic. DNS is only as trustworthy as the companies who control your network and those networks connected to it. The same is true in China and everywhere else, including the U.S. Troy > > Dear all, > Recently I noticed something fishy in the DNS system > between US and China. > First, any IPs, dead or live, in China will respond > to your DNS query for some domains. For example > (screen shot with some clean-up and comments): > > C:\>nslookup > > > server 210.77.0.0 <=== pick a random IP in > China > Default Server: [210.77.0.0] > Address: 210.77.0.0 > > > www.rfa.org > Server: [210.77.0.0] > Address: 210.77.0.0 > > Non-authoritative answer: > Name: www.rfa.org > Address: 203.105.1.21 <=== you got response!!!! > > Second, every time the response is different: > > > www.rfa.org > Server: [210.77.0.0] > Address: 210.77.0.0 > > Non-authoritative answer: > Name: www.rfa.org > Address: 64.66.163.251 > > > www.rfa.org > > Non-authoritative answer: > Name: www.rfa.org > Address: 64.33.99.47 > > > www.rfa.org > > Non-authoritative answer: > Name: www.rfa.org > Address: 128.121.126.139 > > Third, you can even get response from non-exist host > names: > > > nosuchhost.rfa.org > Server: [210.77.0.0] > Address: 210.77.0.0 > > Non-authoritative answer: > Name: nosuchhost.rfa.org > Address: 65.104.202.252 > > > nosuchhost.rfa.org > > Non-authoritative answer: > Name: nosuchhost.rfa.org > Address: 64.33.99.47 > > What on earth is really going on here? It seems the > DNS system is messed up between US and China, and its > integrity is compromised. People can be unknowingly > redirected to any where ... > > --Zhen > > > > > __________________________________ > Do you Yahoo!? > Take Yahoo! Mail with you! Get it on your mobile phone. > http://mobile.yahoo.com/maildemo >
Powered by blists - more mailing lists