From: rguess at cox.net (Robert Guess)
Subject: Dig SCO?

I don't.

Currently there is (predictably) a lot of disinformation in the media 
about this "DoS Attack".   There have been a number of posts about the 
www.sco.com server(s) being unavailable or the "domain" being 
unavailable.  We did not have to read the "news" to get the story... we 
could have used dig.  Everyone on this list is probably familiar with 
DNS terminology and tools but for those who are not, try "dig any 
sco.com" and you should get something like this:

; <<>> DiG 9.2.1 <<>> any sco.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18734
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:
;sco.com. IN ANY

;; ANSWER SECTION:
sco.com. 172459 IN NS c7ns1.center7.com.
sco.com. 172459 IN NS ns.calderasystems.com.
sco.com. 172459 IN NS ns2.calderasystems.com.
sco.com. 172459 IN NS nsca.sco.com.
sco.com. 1696 IN SOA ns.calderasystems.com. hostmaster.caldera.com. 
2004020103 3600 900 604800 1800

;; AUTHORITY SECTION:
SCO.COM. 172459 IN NS c7ns1.center7.com.
SCO.COM. 172459 IN NS ns.calderasystems.com.
SCO.COM. 172459 IN NS ns2.calderasystems.com.
SCO.COM. 172459 IN NS nsca.sco.com.

;; ADDITIONAL SECTION:
c7ns1.center7.com. 172459 IN A 216.250.142.20
ns.calderasystems.com. 172459 IN A 216.250.130.1
ns2.calderasystems.com. 172459 IN A 216.250.130.5
nsca.sco.com. 172459 IN A 132.147.210.253
c7ns1.center7.com. 172459 IN A 216.250.142.20
ns.calderasystems.com. 172459 IN A 216.250.130.1
ns2.calderasystems.com. 172459 IN A 216.250.130.5
nsca.sco.com. 172459 IN A 132.147.210.253

;; Query time: 3 msec
;; SERVER: w.x.y.z
;; WHEN: Sun Feb 1 9:49:22 2004
;; MSG SIZE rcvd: 371

Notice the missing A record that should map the name www to something?
The additional section will probably feature a "www" A record after the 
12th (unless someone modifies MyDoom to persist beyond that date). 
Based upon what I know of MyDoom this was probably the best solution (in 
terms of taking the load off of ISPs and backbone segments).  I don't 
feel sorry for SCO but I cannot see any way for this "virus" to benefit 
the open source or free software communities.
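
Added example, not part of the original post: a small Python parser for dig output of the kind quoted above, which copes with a record wrapped across two lines, upper-case owner names and repeated ADDITIONAL records, then reports whether an owner name has a record of a given type. The names `parse_dig` and `has_record` and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the dig output quoted in the post,
# keeping its wrapped SOA line, upper-case owner name and repeated glue record.
SAMPLE = """\
;; QUESTION SECTION:
;sco.com. IN ANY

;; ANSWER SECTION:
sco.com. 172459 IN NS nsca.sco.com.
sco.com. 1696 IN SOA ns.calderasystems.com. hostmaster.caldera.com.
2004020103 3600 900 604800 1800

;; AUTHORITY SECTION:
SCO.COM. 172459 IN NS nsca.sco.com.

;; ADDITIONAL SECTION:
nsca.sco.com. 172459 IN A 132.147.210.253
nsca.sco.com. 172459 IN A 132.147.210.253
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")  # name ttl IN type rdata

def parse_dig(text):
    """Return {section: [(name, ttl, rtype, rdata), ...]} from dig output."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = re.match(r"^;; (\w+) SECTION:$", line)
        if header:
            current = header.group(1)
        elif not line or line.startswith(";") or current is None:
            continue
        elif (m := RR.match(line)):
            rec = (m.group(1).lower().rstrip("."), int(m.group(2)), m.group(3), m.group(4))
            if rec not in sections[current]:      # drop repeated glue records
                sections[current].append(rec)
        elif sections[current]:                   # continuation of a wrapped record
            name, ttl, rtype, rdata = sections[current][-1]
            sections[current][-1] = (name, ttl, rtype, rdata + " " + line)
    return sections

def has_record(sections, name, rtype):
    """True if any section holds a record of this type for this owner name."""
    name = name.lower().rstrip(".")
    return any(r[0] == name and r[2] == rtype for recs in sections.values() for r in recs)
```

To test one host, query its name directly (`dig www.sco.com A`) and pass that output to the same parser.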

