Full Disclosure mailing list archives

Re: FW: Question for DNS pros


From: grutz () jingojango net
Date: Tue, 3 Aug 2004 17:43:13 -0700

On Tue, Aug 03, 2004 at 05:23:16PM -0500, Frank Knobbe brazenly wrote:
> hmm... I think it's a bit early to say that. After all, why doesn't it
> contact other systems? Why would it have to recheck in the first place?
> And why would it use a) a valid DNS query, b) an obscure, non-standard
> SYN packet, and c) a DNS query *specifically* including the "pinged"
> hosts' IP address in reverse notation? I strongly doubt that the F5
> engineers thought *that* would be a good way to see if a host is still
> alive.

BigIP does some weird things, I wouldn't put it past them in their idea
of making things more efficient for users (and, conversely, more of a
hassle for admins/infosec).

> Even if, what would the BigIP gain from it? Nuttin' (as we say here in
> TN :)

This was originally brought up when people thought windowsupdate was
attacking them or hacked.

http://slashdot.org/articles/03/08/15/1730200.shtml?tid=109&tid=126&tid=172&tid=187
http://lists.sans.org/pipermail/list/2002-January/034249.html

This stuff SOUNDS similar in weird-oddity-nature.


-- 
When little kids ask where rain comes from, I think a cute thing to tell him
is "God is crying." And if he asks why God is crying, another cute thing to
tell him is "Probably because of something you did."            - Jack Handy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

