Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 14 Apr 2006 16:03:53 +1200
John Doe wrote:


I don't even get the same IP address for that. I have 64.4.52.189 .
I tried to change it in the host files with the same results. Next I will
block that IP in my firewall and see what happens.


Think load-balancing, dynaminc content distribution hosting, etc.

Ahhhh...

So, the exception is not that the IP is hard-coded, but that the DNS 
resolver skips looking in hosts for that _domain_ and necessarily does 
a network DNS lookup...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: