lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: grutz at jingojango.net (grutz@...gojango.net)
Subject: FW: Question for DNS pros

On Tue, Aug 03, 2004 at 05:23:16PM -0500, Frank Knobbe brazenly wrote:
> hmm... I think it's a bit early to say that. After all, why doesn't it
> contact other systems? Why would it have to recheck in the first place?
> And why would it use a) a valid DNS query, b) and obscure, non-standard
> SYN packet, and c) a DNS query *specifically* including the "pinged"
> hosts' IP address in reverse notation? I strongly doubt that the F5
> engineers through *that* would be a good way to see if a host is still
> alive.

BigIP does some weird things, I wouldn't put it past them in their idea
of making things more efficient for users (and, conversely, more of a
hassle for admins/infosec).

> Even if, what would the BigIP gain from it? Nuttin' (as we say here in
> TN :)

This was originally brought up when people through windowsupdate was
attacking them or hacked.

http://slashdot.org/articles/03/08/15/1730200.shtml?tid=109&tid=126&tid=172&tid=187
http://lists.sans.org/pipermail/list/2002-January/034249.html

This stuff SOUNDS similar in weird-oddity-nature.


-- 
When little kids ask where rain comes from, I think a cute thing to tell him
is "God is crying." And if he asks why God is crying, another cute things to
tell him is "Probably because of something you did."		- Jack Handy


Powered by blists - more mailing lists