Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: rfc1918 space dns requests
From: Valdis.Kletnieks () vt edu
Date: Tue, 16 Mar 2004 16:15:27 -0500

On Tue, 16 Mar 2004 20:44:56 +0100, martin f krafft <madduck () madduck net>  said:

also sprach Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> [2004.03.16.1=
812 +0100]:
2) We've got applications making DNS requests that get forwarded
out to the ISP's servers, where they will almost certainly result
in either an error reply or a timeout  Find ways to use this to
your advantage.

I would be interested in how you do that.

The obvious is that the usual DNS spoofing hacks often only have a
few milliseconds for you to stick in a bogus packet before the real DNS
answers - here you have entire seconds to play with.

For ease of maintenance, I have my primary DNS respond with RFC 1918
addresses for my internal machines. That is, my internal machines
are resolved by a primary DNS server out there on the 'Net, e.g.
sky.madduck.net. I fail to see how this can be a security problem.

I know you well enough to know that you almost certainly Got It Right.

I agree that RFC 1918 slipping out by accident could be an
indication of problems in the network, drawing hackers attention
rightfully so.

For every one of you, there's probably hundreds of these Getting It Wrong.

Bet there's a bunch over at the Dept of the Interior. :)

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]