nanog mailing list archives

Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting))

From: Gadi Evron <gadi () tehila gov il>
Date: Mon, 14 Feb 2005 11:31:33 +0200

        PTR records are just as pointless as A records...
        in a secured DNS heirarchy, this is less of an issue


We are not quite there yet, are we?

        since you have to spoof the entire delegation chain.
        so either trust the DNS (both forward and reverse)
        or not.  For forensics, collect the DNS lables and the
        IP addresses associated w/ them.

        and yes, i have seen DNS spoofing in the wild, both A
        and PTR, although A spoofing is much more pronounced.


Question is, why bother and spoof?

Current thread:

Re: IRC Bot list (cross posting), (continued)
- - Re: IRC Bot list (cross posting) Petri Helenius (Feb 09)
- Re: IRC Bot list (cross posting) Jim Popovitch (Feb 08)
  - Re: IRC Bot list (cross posting) Jim Popovitch (Feb 08)
  - Re: IRC Bot list (cross posting) william(at)elan.net (Feb 08)
    - Re: IRC Bot list (cross posting) Bill Nash (Feb 08)
    - Re: IRC Bot list (cross posting) william(at)elan.net (Feb 08)
    - Re: IRC Bot list (cross posting) Scott Weeks (Feb 08)
- Message not available
  - Re: [unisog] Collecting PTR names rather than IP addresses (Was: Re: IRC Bot list (cross posting)) Valdis . Kletnieks (Feb 09)
- Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Ketil Froyn (Feb 11)
  - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) bmanning (Feb 11)
    - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Gadi Evron (Feb 14)
  - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Adam Jacob Muller (Feb 11)
    - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Gadi Evron (Feb 14)
  - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Gadi Evron (Feb 14)
    - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Ketil Froyn (Feb 14)
    - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Kevin (Feb 14)
    - Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Gadi Evron (Feb 14)
- RE: IRC Bot list (cross posting) Hannigan, Martin (Feb 08)
  - RE: IRC Bot list (cross posting) Bill Nash (Feb 08)
    - Re: IRC Bot list (cross posting) Gadi Evron (Feb 09)
    - Re: IRC Bot list (cross posting) Michael Loftis (Feb 09)

(Thread continues...)