From: pauls at utdallas.edu (Paul Schmehl)
Subject: FW: Question for DNS pros

--On Saturday, July 24, 2004 10:16 AM -0500 Suzi and Harold VanPatten <vanpattens@...logy.net> wrote:

> It seems to me you could do this without setting up a dns server. Just
> tcpdump the traffic or sniff or snoop the traffic. If you set it up with
> a snaplength of 1500 you'll get enough of the packet to see exactly what
> dns query is being asked...something like
>
> tcpdump -n -s 1500 udp and port 53 and host 1.2.3.4
>

I already did this, and I already posted it here. It didn't reveal anything that I wasn't already aware of - ns requests and ptr requests for that IP.

> then you'll be able to tell if the queries are all for one specific
> domain (meaning something has that IP registered as an authoritative
> server for that domain) or are the queries for many different domains
> meaning people think you have a dns server they can use as a resolver.
>

As I already stated, they're coming from all over.

> Same with issue number one, once you know the domain they are querying,
> you can find the POC of that domain and get them to fix the problem.
> Hopefully, it is one of these two issues. Good luck!

That's the one piece I don't have yet - what domain is being queried. Thus the request for suggestions here.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
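The missing piece in the thread is the QNAME: the name inside each port-53 query that tells you whether many people are treating the host as an open resolver (many distinct names) or a stale delegation points at it (one name, typically NS or PTR queries). The following is an added example, not code from the thread or from either poster: a small parser for the DNS question section of a UDP payload (RFC 1035 wire format, including compression pointers) plus a tally of (qtype, qname) pairs. The sample payloads are constructed inline; `example.com` and the reverse name for the thread's placeholder address 1.2.3.4 are assumed values, not data from the original exchange.

```python
import struct

# RR type codes that matter for the thread (RFC 1035 / RFC 3596).
QTYPES = {1: "A", 2: "NS", 12: "PTR", 28: "AAAA"}


def encode_name(name):
    """Encode a dotted name in DNS wire format: length-prefixed labels, 0x00 terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype, txid=0x1234):
    """Build a constructed standard-query payload (QR=0, RD=1, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def decode_name(payload, offset):
    """Decode a possibly compressed name at offset; return (name, offset after it)."""
    labels = []
    jumped = False   # once we follow a pointer, 'end' is fixed at the pointer's end
    end = offset
    hops = 0
    while True:
        if offset >= len(payload):
            raise ValueError("truncated name")
        length = payload[offset]
        if length & 0xC0 == 0xC0:
            # Compression pointer (RFC 1035 4.1.4): low 14 bits are an offset.
            if offset + 1 >= len(payload):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")  # refuse hostile loops
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(payload[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), end


def parse_query(payload):
    """Return the first question of a DNS message as a dict."""
    if len(payload) < 12:
        raise ValueError("too short for a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    qname, offset = decode_name(payload, 12)
    if offset + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "qname": qname,
        "qtype": QTYPES.get(qtype, str(qtype)),
        "qclass": qclass,
    }


def summarize(payloads):
    """Tally (qtype, qname) over query payloads; responses are skipped.
    One dominant name suggests a stale delegation; many names suggest resolver abuse."""
    counts = {}
    for p in payloads:
        q = parse_query(p)
        if q["is_response"]:
            continue
        key = (q["qtype"], q["qname"])
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample payloads standing in for what tcpdump -s 1500 would capture.
SAMPLE_PAYLOADS = [
    build_query("4.3.2.1.in-addr.arpa", 12, txid=0x1001),  # PTR for 1.2.3.4
    build_query("4.3.2.1.in-addr.arpa", 12, txid=0x1002),
    build_query("example.com", 2, txid=0x1003),            # NS query
]

if __name__ == "__main__":
    for (qtype, qname), n in sorted(summarize(SAMPLE_PAYLOADS).items()):
        print(f"{n:4d}  {qtype:5s} {qname}")
```

In practice the payloads come from `tcpdump -s 1500 -w capture.pcap udp and port 53` read back with a pcap library, with the UDP header stripped first; the parser above only looks at the DNS message itself.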