lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 31 Jul 2010 04:05:37 -0300
From: Jardel Weyrich <jweyrich@...il.com>
To: full-disclosure@...ts.grok.org.uk
Cc: Paulo Cesar Breim <paulo@...im.com.br>
Subject: Re: OpenDNS is acting improperly !!!

NXDOMAIN manipulation is an old concern. I believe it's being redirected for
a long time now, but they allow registered users to opt-out, afaik. And
there are many ISPs practicing this.

Additionally, if they're only manipulating A and AAAA records for NXDOMAIN
responses, there should be no problem for an application that relies on
existing domains. SERVFAIL must NOT be manipulated though.

Why are you using ping? Use nslookup and/or dig.

Here's a patch for BIND that allows you to BLACKLIST the IP addresses of the
fake servers - http://sam.zoy.org/writings/internet/verisign/

And here's a draft on this matter -
http://tools.ietf.org/html/draft-livingood-dns-redirect-00

Concluding, I'm not defending their approach - I don't like it too ;-)

--
jardel

On Fri, Jul 30, 2010 at 7:23 PM, Paulo Cesar Breim <paulo@...im.com.br>wrote:

> Dear everyone,
>
>
> People who have changed their DNS Server to use the popular OpenDNS
> (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken
> by OpenDNS.
>
> When a user tries to access a non-existing host, OpenDNS manipulates the
> result and provides the user with its own IP address. For example:
>
> Let us try to find the following server: “microsoft.apple.com”
> If you are using OpenDNS and ping the above server this is what you get:
>
> ===================
> PING microsoft.apple.com (67.215.65.132): 56data bytes
> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
> ^C
> --- microsoft.apple.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
> ===================
>
> OpenDNS is telling the user that the server “microsoft.apple.com” not only
> exists but its IP address is 67.215.65.132 !!!
> ..and who is this IP?  it is OPENDNS-NET-3.
>
> If, instead, you use Google’s DNS and ping the above server, this is what
> you get:
>
> ===================
> PCB-2:~ paulo$ ping microsoft.apple.com
> ping: cannot resolve microsoft.apple.com: Unknown host
> PCB-2:~ paulo$
> ===================
>
> Which is the most adequate reply from the DNS server.
>
> So my suggestion is that you should select and use a TRUE DNS Server.
>
> Paulo Cesar Breim
>
> People who have changed their DNS Server to use the popular OpenDNS
> (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken
> by OpenDNS.
>
> When a user tries to access a non-existing host, OpenDNS manipulates the
> result and provides the user with its own IP address. For example:
>
> Let us try to find the following server: “microsoft.apple.com”
> If you are using OpenDNS and ping the above server this is what you get:
>
> ===================
> PING microsoft.apple.com (67.215.65.132): 56data bytes
> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
> ^C
> --- microsoft.apple.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
> ===================
>
> OpenDNS is telling the user that the server “microsoft.apple.com” not only
> exists but its IP address is 67.215.65.132 !!!
> ..and who is this IP?  it is OPENDNS-NET-3.
>
> If, instead, you use Google’s DNS and ping the above server, this is what
> you get:
>
> ===================
> PCB-2:~ paulo$ ping microsoft.apple.com
> ping: cannot resolve microsoft.apple.com: Unknown host
> PCB-2:~ paulo$
> ===================
>
> Which is the most adequate reply from the DNS server.
>
> So my suggestion is that you should select and use a TRUE DNS Server.
>
> Paulo Cesar Breim
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ