Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Pubstro rash

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: Pubstro rash
Date: Fri, 18 Mar 2005 13:40:44 -0500 
On Fri, 18 Mar 2005 09:30:51 CST, Joshua Berry said:

I have never had a DNS query that had a response that was over 512
bytes.  For that reason I disable all inbound DNS over 53/tcp.


Inquiring minds want to know - how do you *know* you never had a response
that was over 512 bytes? :)

(Remember - if you have EDNS0 support, you won't notice that the reply was over
512 bytes, and if you don't, it's usually likely that the incomplete response
after being truncated to 512 bytes still has enough info to mostly work.  Sure,
you may only get info on 8 of AOL's farm of MX hosts, and lose the rest because
you don't have a TCP connection - but hopefully 1 of those 8 answers anyhow.
And if it doesn't, the *next* time you try, AOL will likely hand you a different
set of round-robined addresses, and one of the new ones answers.  So all you see
from the truncation is that things burp for a while).

Attachment: pgpCJODYUqfwt.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Netscreen 5XT SSH Traffic, Jonathan Nichols
Next by Date:  Re: Administrivia: Good mailing list social graces., Leif Ericksen
Previous by Thread:  Re: Pubstro rash, Jeff Kell
Next by Thread:  RE : Pubstro rash, Bourque Daniel
Indexes:  [Date] [Thread] [Top] [All Lists]