Security Basics mailing list archives
Re: Is The RPC a Protocol or a winXP-Service?
From: "Alexander Lukyanenko" <sashman () ua fm>
Date: Thu, 27 Nov 2003 02:05:11 +0200
Hello, Sunday, November 23, 2003, 8:45:54 PM, you wrote: MBM> www.Rabertgraham.com in its FireWall-FAQ says these lines: MBM> [""Various errors with 127.0.0.1 : MBM> Some servers are misconfigured to map this address. MBM> On the other hand, it is also a hacker technique MBM> to cause names within the hacker domain to resolve MBM> to addresses within a company (including localhost/127.0.0.1).""] MBM> And my question is : MBM> How do they (Crackers) do that ? [the question is not related to RPC, so I answer it in another post] That is fairly simple, as since the crackers can have their own domain, they also can have their own nameserver for that domain, and they can do arbitrary things with that NS. Lets presume we have a domain crackers.must.die, whose root nameserver (the server to which all the name resolution requests for that domain are sent) is ns.crackers.must.die. Lets also presume the attacks comes from foo.crackers.must.die. If an application being hacked uses domain names for logging, it would most probably log foo.crackers.must.die. In order to resolve a hostname to an IP address, the attacked party must contact the server, in this example, ns.crackers.must.die... and that machine may be configured to return 127.0.0.1 or any other (fake or otherwise) IP address in response to the lookup request, so it will seem that an attack came from the local (or any other) machine. However, this does not impose a major threat as most systems use IP addresses for identification and logging, or can be configured to do so. Regards -- * * * * * * * * * * * * * * * * Alexander V. Lukyanenko * * mailto: sashman () ua fm * * ICQ# : 86195208 * * Phone : +380 44 458 07 23 * * GSM : +380 50 9 522 533 * * OpenPGP key ID: 75EC057C * * NIC : SASH4-UANIC * * * * * * * * * * * * * * * *
Attachment:
_bin
Description:
Current thread:
- Is The RPC a Protocol or a winXP-Service? Mr Babak Memari (Nov 25)
- Re: Is The RPC a Protocol or a winXP-Service? Byron Sonne (Nov 26)
- Re: Is The RPC a Protocol or a winXP-Service? rkc (Nov 26)
- Re: Is The RPC a Protocol or a winXP-Service? Creed Erickson (Nov 26)
- Re: Is The RPC a Protocol or a winXP-Service? Jimi Thompson (Nov 26)
- Re: Is The RPC a Protocol or a winXP-Service? Markus Müssig (Nov 26)
- Re[2]: Is The RPC a Protocol or a winXP-Service? Alexander Lukyanenko (Nov 26)
- Message not available
- Re: Is The RPC a Protocol or a winXP-Service? Dave Killion (Nov 26)
- Re: Is The RPC a Protocol or a winXP-Service? Alexander Lukyanenko (Nov 26)
- Re: Is The RPC a Protocol or a winXP-Service? mlist (Nov 26)