lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <09810E1EA887DC4E8428FD670C87E134FBAF76@SPESMAL01.cpn.net>
Date: Fri, 6 Aug 2004 08:46:20 -0700
From: "Mike Clark" <mclark@...arpathnet.com>
To: <travis.alexander@...amas.org>, <zhenshi99@...oo.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: International DNS compromise?


I've seen this before with companies that provide content for people in
China. The last company I talked to about this used proxy servers and
had people hosting content all over the country(US)to avoid the
filtering/blocking by the Chinese government. It seemed to work pretty
well.

-Mike

-----Original Message-----
From: travis.alexander@...amas.org [mailto:travis.alexander@...amas.org]

Sent: Thursday, August 05, 2004 10:37 AM
To: zhenshi99@...oo.com; bugtraq@...urityfocus.com
Subject: RE: International DNS compromise? 


I got six different results, meaning six different server IP's.

1. 64.33.99.47
2. 207.12.88.98
3. 208.56.31.43
4. 216.221.188.182
5. 65.160.219.113
6. 65.104.202.252

All US owned IP addresses. Yes this is very interesting. So what does
this mean, or potentially mean...?

Travis.

-----Original Message-----
From: Zhen Shi [mailto:zhenshi99@...oo.com]
Sent: Wednesday, August 04, 2004 10:11 PM
To: bugtraq@...urityfocus.com
Subject: International DNS compromise? 


Dear all,
  Recently I noticed something fishy in the DNS system
between US and China. 
  First, any IPs, dead or live, in China will respond
to your DNS query for some domains. For example
(screen shot with some clean-up and comments): 

C:\>nslookup

> server 210.77.0.0     <=== pick a random IP     in
China 
Default Server:  [210.77.0.0]
Address:  210.77.0.0

> www.rfa.org
Server:  [210.77.0.0]
Address:  210.77.0.0

Non-authoritative answer:
Name:    www.rfa.org
Address:  203.105.1.21  <=== you got response!!!!

  Second, every time the response is different: 

> www.rfa.org
Server:  [210.77.0.0]
Address:  210.77.0.0

Non-authoritative answer:
Name:    www.rfa.org
Address:  64.66.163.251

> www.rfa.org

Non-authoritative answer:
Name:    www.rfa.org
Address:  64.33.99.47

> www.rfa.org

Non-authoritative answer:
Name:    www.rfa.org
Address:  128.121.126.139

 Third, you can even get response from non-exist host
names: 

> nosuchhost.rfa.org
Server:  [210.77.0.0]
Address:  210.77.0.0

Non-authoritative answer:
Name:    nosuchhost.rfa.org
Address:  65.104.202.252

> nosuchhost.rfa.org

Non-authoritative answer:
Name:    nosuchhost.rfa.org
Address:  64.33.99.47

  What on earth is really going on here? It seems the
DNS system is messed up between US and China, and its
integrity is compromised. People can be unknowingly
redirected to any where ... 

--Zhen



		
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ