lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <0CC789C5-DD7B-4811-97DC-4E425AD06AAF@breim.com.br>
Date: Sat, 31 Jul 2010 14:03:12 -0300
From: "Paulo Cesar Breim (PCB)" <paulo@...im.com.br>
To: Jardel Weyrich <jweyrich@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenDNS is acting improperly !!!

NSLookup has the same problem. Always return opendns IP.

paulo


On 31/07/2010, at 04:05, Jardel Weyrich wrote:

> NXDOMAIN manipulation is an old concern. I believe it's being redirected for a long time now, but they allow registered users to opt-out, afaik. And there are many ISPs practicing this.
> 
> Additionally, if they're only manipulating A and AAAA records for NXDOMAIN responses, there should be no problem for an application that relies on existing domains. SERVFAIL must NOT be manipulated though.
> 
> Why are you using ping? Use nslookup and/or dig.
> 
> Here's a patch for BIND that allows you to BLACKLIST the IP addresses of the fake servers - http://sam.zoy.org/writings/internet/verisign/
> 
> And here's a draft on this matter - http://tools.ietf.org/html/draft-livingood-dns-redirect-00
> 
> Concluding, I'm not defending their approach - I don't like it too ;-)
> 
> --
> jardel
> 
> On Fri, Jul 30, 2010 at 7:23 PM, Paulo Cesar Breim <paulo@...im.com.br> wrote:
> Dear everyone,
> 
> 
> People who have changed their DNS Server to use the popular OpenDNS (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken by OpenDNS.
> 
> When a user tries to access a non-existing host, OpenDNS manipulates the result and provides the user with its own IP address. For example:
> 
> Let us try to find the following server: “microsoft.apple.com”
> If you are using OpenDNS and ping the above server this is what you get:
> 
> ===================
> PING microsoft.apple.com (67.215.65.132): 56data bytes
> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
> ^C
> --- microsoft.apple.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
> ===================
> 
> OpenDNS is telling the user that the server “microsoft.apple.com” not only exists but its IP address is 67.215.65.132 !!!
> ..and who is this IP?  it is OPENDNS-NET-3.
> 
> If, instead, you use Google’s DNS and ping the above server, this is what you get:
> 
> ===================
> PCB-2:~ paulo$ ping microsoft.apple.com
> ping: cannot resolve microsoft.apple.com: Unknown host
> PCB-2:~ paulo$
> ===================
> 
> Which is the most adequate reply from the DNS server.
> 
> So my suggestion is that you should select and use a TRUE DNS Server.
> 
> Paulo Cesar Breim
> 
> People who have changed their DNS Server to use the popular OpenDNS (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken by OpenDNS.
> 
> When a user tries to access a non-existing host, OpenDNS manipulates the result and provides the user with its own IP address. For example:
> 
> Let us try to find the following server: “microsoft.apple.com”
> If you are using OpenDNS and ping the above server this is what you get:
> 
> ===================
> PING microsoft.apple.com (67.215.65.132): 56data bytes
> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
> ^C
> --- microsoft.apple.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
> ===================
> 
> OpenDNS is telling the user that the server “microsoft.apple.com” not only exists but its IP address is 67.215.65.132 !!!
> ..and who is this IP?  it is OPENDNS-NET-3.
> 
> If, instead, you use Google’s DNS and ping the above server, this is what you get:
> 
> ===================
> PCB-2:~ paulo$ ping microsoft.apple.com
> ping: cannot resolve microsoft.apple.com: Unknown host
> PCB-2:~ paulo$
> ===================
> 
> Which is the most adequate reply from the DNS server.
> 
> So my suggestion is that you should select and use a TRUE DNS Server.
> 
> Paulo Cesar Breim
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ