RE: [MLUG] Cable modems working?

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <EMAIL:PROTECTED>
Subject: RE: [MLUG] Cable modems working?
From: "Brent Deterding" <EMAIL:PROTECTED>
Date: Mon, 3 Dec 2001 22:24:37 -0600
Importance: Normal
In-Reply-To: <EMAIL:PROTECTED>
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

If you're the military are you going to give out every persons phone # on every
base? Hell no!

Are you going to give out the general line so that people can call the base
without the direct person? Sure.

Split-Split DNS or Split DNS. It's all in my other longer post - but it's a good
idea.

I assess sites all the time and the FIRST and MOST VALUABLE thing I can do is
DNS recon. Social engineering, selective targetting, etc. I always love it when
I see stuff like testad1.domain.com - test Active Directory server perhaps? Gee,
that's hard :)

-- Brent

-----Original Message-----
From: EMAIL:PROTECTED
[mailto:EMAIL:PROTECTED]On Behalf Of Spurling, Shannon
Sent: Monday, December 03, 2001 8:26 AM
To: EMAIL:PROTECTED
Subject: RE: [MLUG] Cable modems working?


DNS poisoning has to be difficult. You would have to compromise a
primary server, or forge messages from it in such a way as to allow you
to appear as the primary source for the information.
As for recon, the DNS directory is a public record. Think of it like the
phone book. If you don't want to be bothered, don't be listed. That
still wouldn't protect you from war dialing (scanning), but if your
worried about giving away information in the public record, don't list.
There are services that won't work unless they can see your caller ID
(DNS verification), but if your unlisted you can't use them. If you
think about it, the whole zone transfer limiting thing is a bit stupid.
It's a lot of work to make them use the public phone book, instead of
getting a copy from the phone company. The certificates are a different
matter. That's a good idea in order to prevent poisoning by spoofing.
Zone transfers are supposed to be unidirectional, and they should be
logged (Easy to do). On a large, very active name server, it's going to
be practically impossible to maintain a list of servers allowed to do
zone transfers manually. If this is a really serious problem, they
should make BIND so that it only allows transfers to servers listed in
the NS records by default. They haven't, so I'm guessing that it's not a
big problem for them.

Shannon Spurling
WAN Engineer -Specialist

MOREnet, Network Services, Core Network
3212 LeMone Industrial Blvd.
Columbia, MO 65201

Main:(573) 884-7200   Fax:(573)884-6673

EMAIL:PROTECTED
EMAIL:PROTECTED


-----Original Message-----
From: Brent Deterding [mailto:EMAIL:PROTECTED]
Sent: Sunday, December 02, 2001 10:02 PM
To: EMAIL:PROTECTED
Subject: RE: [MLUG] Cable modems working?


There's always DNS poisoning. It's nailed some high-profile places
(Yankees,
Hillary, etc.).

The real risk is reconnaissance, but recon is the name of the
open-environment
game such as a University

-- Brent

-----Original Message-----
From: EMAIL:PROTECTED
[mailto:EMAIL:PROTECTED]On Behalf Of McNutt, Justin M.
Sent: Sunday, December 02, 2001 8:19 AM
To: EMAIL:PROTECTED
Subject: RE: [MLUG] Cable modems working?


> I don't see why they wouldn't work.  I'm at U Minn, but Mizzou's DNS
> server is working for me...
>
> # nslookup yahoo.com 128.206.2.252
>
> Server:  noc.missouri.edu
> Address:  128.206.2.252
>
> Non-authoritative answer:
> Name:    yahoo.com
> Addresses:  216.115.108.245, 216.115.108.243
>
>
> Are missouri.edu DNS servers configured so that they don't
> work for @home?

No, at least not for the moment.

128.206.2.252 will *always* work for looking up .missouri.edu,
.mizzou.edu,
and 206.128.in-addr.arpa.  That's its function.  There will soon be
another
server (probably 128.206.2.240) that does the same thing.

128.206.10.3 will not be accessible from the outside by this summer.
150.199.1.11 (argus.more.net) will probably answer queries for you, but
it
will no longer be an authoritative source.

I've thought about having the 128.206.2.* name servers reject queries
FROM
outside hosts FOR outside names, but I don't yet think it's worth the
trouble.  While I don't necessarily like the idea of providing name
service
for potentially any host on the Internet ("there's a *lot* of Internet,
as
my boss says), we don't *currently* have that much of a load problem on
128.206.2.252, and that load will only decrease with some of the changes
I
have planned for the near future.

--J
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

References:
- RE: [MLUG] Cable modems working?
  - From: "Spurling, Shannon" <EMAIL:PROTECTED>

Prev by Date: [MLUG] DNS poisoning for fun and profit
Next by Date: RE: [MLUG] DNS poisoning for fun and profit
Previous by thread: RE: [MLUG] Cable modems working?
Next by thread: RE: [MLUG] Cable modems working?
Index(es):
- Date
- Thread