Message-Id: <991D7FD6-3FD8-4F15-A69E-42D0B45FF9C8@breim.com.br>
Date: Fri, 30 Jul 2010 19:23:20 -0300
From: Paulo Cesar Breim (PCB) <paulo@...im.com.br>
To: full-disclosure@...ts.grok.org.uk
Subject: OpenDNS is acting improperly !!!

Dear everyone,


People who have changed their DNS Server to use the popular OpenDNS (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken by OpenDNS.

When a user tries to access a non-existing host, OpenDNS manipulates the result and provides the user with its own IP address. For example:

Let us try to find the following server: “microsoft.apple.com” 
If you are using OpenDNS and ping the above server this is what you get:

===================
PING microsoft.apple.com (67.215.65.132): 56data bytes
64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
^C
--- microsoft.apple.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
===================

OpenDNS is telling the user that the server “microsoft.apple.com” not only exists but its IP address is 67.215.65.132 !!!
...and who is this IP? It is OPENDNS-NET-3.

If, instead, you use Google’s DNS and ping the above server, this is what you get:

===================
PCB-2:~ paulo$ ping microsoft.apple.com
ping: cannot resolve microsoft.apple.com: Unknown host
PCB-2:~ paulo$ 
===================

Which is the most adequate reply from the DNS server.

So my suggestion is that you should select and use a TRUE DNS Server.

Paulo Cesar Breim
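
A check for the resolver behaviour described in the message above, added here as an example and not part of the original post: it sends an A query for a random label that should not exist and reports whether the resolver answers NXDOMAIN or NOERROR with an address. The zone `example.com`, the function names and the constructed `sample_response` packets are assumptions of this example.

```python
import secrets
import socket
import struct

NOERROR, NXDOMAIN = 0, 3

def build_query(name, txid):
    """Encode a recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(response, txid):
    """'nxdomain', 'rewritten' (NOERROR plus answers) or 'other'."""
    if len(response) < 12:
        return "other"
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "nxdomain"
    if rcode == NOERROR and ancount > 0:
        return "rewritten"
    return "other"

def sample_response(query, rcode, addr=None):
    """Constructed reply to `query`; an A record is appended if addr is set."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:  # name pointer to offset 12, type A, class IN, TTL 0, 4 bytes
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + socket.inet_aton(addr)
    return header + query[12:] + answer

def probe(resolver_ip, zone="example.com", timeout=3.0):
    """Query a random label under `zone` that is assumed not to exist."""
    name = f"nx-{secrets.token_hex(8)}.{zone}"
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    return name, classify(data, txid)
```

Calling `probe()` with a resolver address returns the name that was queried and the classification; a result of `rewritten` for a random label means the resolver replaced the NXDOMAIN answer with an address.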
