Open Source and information security mailing list archives
 
Message-ID: <AANLkTi=Sg_ybZruHeKoaJ1aN=5PG_ECA06aH6E7G3h_=@mail.gmail.com>
Date: Mon, 2 Aug 2010 13:31:14 +0900
From: is it safe <istheinternetsafe@...glemail.com>
To: "Paulo Cesar Breim (PCB)" <paulo@...im.com.br>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenDNS is acting improperly !!!

dig does it too.

On Sun, Aug 1, 2010 at 2:03 AM, Paulo Cesar Breim (PCB)
<paulo@...im.com.br> wrote:

> NSLookup has the same problem. It always returns the OpenDNS IP.
>
> paulo
>
>
>
> On 31/07/2010, at 04:05, Jardel Weyrich wrote:
>
> NXDOMAIN manipulation is an old concern. I believe it has been redirected
> for a long time now, but they allow registered users to opt out, afaik. And
> there are many ISPs practicing this.
>
> Additionally, if they're only manipulating A and AAAA records for NXDOMAIN
> responses, there should be no problem for an application that relies on
> existing domains. SERVFAIL must NOT be manipulated though.
>
> Why are you using ping? Use nslookup and/or dig.
>
> Here's a patch for BIND that allows you to BLACKLIST the IP addresses of
> the fake servers - http://sam.zoy.org/writings/internet/verisign/
>
> And here's a draft on this matter -
> http://tools.ietf.org/html/draft-livingood-dns-redirect-00
>
> Concluding, I'm not defending their approach - I don't like it either ;-)
>
> --
> jardel
>
> On Fri, Jul 30, 2010 at 7:23 PM, Paulo Cesar Breim <paulo@...im.com.br> wrote:
>
>> Dear everyone,
>>
>>
>> People who have changed their DNS Server to use the popular OpenDNS
>> (208.67.222.222; 208.67.220.220) are victims of a dangerous decision taken
>> by OpenDNS.
>>
>> When a user tries to access a non-existing host, OpenDNS manipulates the
>> result and provides the user with its own IP address. For example:
>>
>> Let us try to find the following server: “microsoft.apple.com”
>> If you are using OpenDNS and ping the above server this is what you get:
>>
>> ===================
>> PING microsoft.apple.com (67.215.65.132): 56data bytes
>> 64 bytes from 67.215.65.132: icmp_seq=0 ttl=49 time=192.743 ms
>> 64 bytes from 67.215.65.132: icmp_seq=1 ttl=49 time=194.997 ms
>> 64 bytes from 67.215.65.132: icmp_seq=2 ttl=49 time=200.954 ms
>> ^C
>> --- microsoft.apple.com ping statistics ---
>> 3 packets transmitted, 3 packets received, 0.0% packet loss
>> round-trip min/avg/max/stddev = 192.743/196.231/200.954/3.464 ms
>> ===================
>>
>> OpenDNS is telling the user that the server “microsoft.apple.com” not
>> only exists but its IP address is 67.215.65.132 !!!
>> ..and who is this IP?  it is OPENDNS-NET-3.
>>
>> If, instead, you use Google’s DNS and ping the above server, this is what
>> you get:
>>
>> ===================
>> PCB-2:~ paulo$ ping microsoft.apple.com
>> ping: cannot resolve microsoft.apple.com: Unknown host
>> PCB-2:~ paulo$
>> ===================
>>
>> Which is the most adequate reply from the DNS server.
>>
>> So my suggestion is that you should select and use a TRUE DNS Server.
>>
>> Paulo Cesar Breim
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>

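The check the thread is describing (ask a resolver for a name that cannot exist and see whether it answers NXDOMAIN or hands back an A record), as an added example that is not part of any message in the thread. The function names, the `example.com` parent and the sample replies are assumptions constructed for illustration; 67.215.65.132 is the address quoted in the original post.

```python
import secrets
import socket
import struct

def build_query(name, qtype=1):
    # Recursive query (RD=1) with one question; qtype 1 = A, class 1 = IN.
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # walk labels until root or pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)           # pointer is 2 bytes, root is 1

def classify(msg):
    # Verdict for a reply to a query about a name known not to exist.
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, addrs = flags & 0x000F, 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    if rcode == 3:                                # NXDOMAIN passed through untouched
        return "nxdomain", addrs
    return ("rewritten" if rcode == 0 and addrs else "inconclusive"), addrs

def probe(resolver, parent="example.com", timeout=3.0):
    # Live check (needs network). Assumes `parent` has no wildcard record.
    pkt = build_query(secrets.token_hex(12) + "." + parent)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (resolver, 53))
        reply = s.recv(4096)
    if reply[:2] != pkt[:2]:                      # transaction ID must match
        return "inconclusive", []
    return classify(reply)

def constructed_reply(rcode, ip=None):
    # Constructed sample bytes (not captured traffic) for offline use.
    q = build_query("nosuchhost.example.com")
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton(ip) if ip else b""
    return q[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if ip else 0, 0, 0) + q[12:] + ans
```

`probe("208.67.222.222")` runs the same test against a live resolver; SERVFAIL and empty NOERROR replies come back as `inconclusive` rather than being counted as rewriting.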