BugTraq
DoS against Domino 6.5.1 Jun 30 2004 07:09PM
Andreas Klein (Andreas C Klein physik uni-wuerzburg de) (1 replies)
Re: DoS against Domino 6.5.1 Jul 23 2004 06:34PM
Andreas Klein (Andreas C Klein physik uni-wuerzburg de) (1 replies)
International DNS compromise? Aug 05 2004 05:11AM
Zhen Shi (zhenshi99 yahoo com) (2 replies)
Re: International DNS compromise? Aug 05 2004 06:22PM
john (john pond-weed com)
On Wed, 4 Aug 2004 22:11:01 -0700 (PDT)
Zhen Shi <zhenshi99 (at) yahoo (dot) com [email concealed]> wrote:

> Dear all,
> Recently I noticed something fishy in the DNS system
> between US and China.
> First, any IPs, dead or live, in China will respond
> to your DNS query for some domains. For example
> (screen shot with some clean-up and comments):
>
> C:\>nslookup
>
> > server 210.77.0.0 <=== pick a random IP in
> China
> Default Server: [210.77.0.0]
> Address: 210.77.0.0
>
> > www.rfa.org
> Server: [210.77.0.0]
> Address: 210.77.0.0
>
> Non-authoritative answer:
> Name: www.rfa.org
> Address: 203.105.1.21 <=== you got response!!!!
>
> Second, every time the response is different:
>
> > www.rfa.org
> Server: [210.77.0.0]
> Address: 210.77.0.0
>
> Non-authoritative answer:
> Name: www.rfa.org
> Address: 64.66.163.251

> <snip>

It looks like it all works OK with most domain names. But rfa.org is the
sort of site the Chinese would want to censor. Evidently this is part of
their strategy for doing that.

This has the side-effect that you could discover the list of sites being
censored by systematically comparing DNS replies from a server in China
with those from an uncompromised server.

John

[ reply ]
Re: International DNS compromise? Aug 05 2004 05:36PM
John Kinsella (jlk thrashyour com)


 

Privacy Statement
Copyright 2010, SecurityFocus