Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Pubstro rash

Re: Pubstro rash

From: <Valdis.Kletnieks_at_vt.edu>
Date: Fri, 18 Mar 2005 13:40:44 -0500

On Fri, 18 Mar 2005 09:30:51 CST, Joshua Berry said:
> I have never had a DNS query that had a response that was over 512
> bytes. For that reason I disable all inbound DNS over 53/tcp.

Inquiring minds want to know - how do you *know* you never had a response
that was over 512 bytes? :)

(Remember - if you have EDNS0 support, you won't notice that the reply was over
512 bytes, and if you don't, it's usually likely that the incomplete response
after being truncated to 512 bytes still has enough info to mostly work. Sure,
you may only get info on 8 of AOL's farm of MX hosts, and lose the rest because
you don't have a TCP connection - but hopefully 1 of those 8 answers anyhow.
And if it doesn't, the *next* time you try, AOL will likely hand you a different
set of round-robined addresses, and one of the new ones answers. So all you see
from the truncation is that things burp for a while).

  • application/pgp-signature attachment: stored
Received on Mar 19 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]