Strange - could it be a DNS hijack?
Tibor Bartos
bartos at rainside.sk
Thursday August 2 12:42:00 CEST 2001
Jozef Hitzinger wrote:
> do you have any idea what this could be about, or have you encountered something like this before?
Someone already asked me about this yesterday evening. The problem was on the machine
cyril.fmph.uniba.sk, which you apparently use as your DNS. It looked
either like a bug in bind or like cache poisoning. It seems that it is
fixed now. It is possible that you still have (or had) old data
cached. This is the output of dig from yesterday evening:
; <<>> DiG 9.1.1 <<>> @cyril.fmph.uniba.sk www.sme.sk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48899
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.sme.sk. IN A
;; ANSWER SECTION:
www.sme.sk. 3561 IN A 216.65.1.69
;; AUTHORITY SECTION:
. 3598 IN NS ns0.freewebsites.com.
. 3598 IN NS ns1.freewebsites.com.
;; ADDITIONAL SECTION:
ns0.freewebsites.com. 3598 IN A 216.65.1.2
ns1.freewebsites.com. 64687 IN A 216.65.1.3
;; Query time: 159 msec
;; SERVER: 158.195.16.200#53(cyril.fmph.uniba.sk)
;; WHEN: Wed Aug 1 21:12:32 2001
;; MSG SIZE rcvd: 132
So that machine thought that the root nameservers were ns0.freewebsites.com
and ns1.freewebsites.com ... what exactly happened, the administrators
of that machine will probably know.
Tibor Bartos
More information about the Sendmail mailing list
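Added example, not part of the original message: a small check that parses dig text output and reports NS records claiming authority for the root zone (`.`) that are not root servers, together with any glue address the resolver returned for them. The sample input is the record sections of the dig output quoted above; the function names and the rule that legitimate root NS targets match `[a-m].root-servers.net.` are assumptions of this example.

```python
import re

# Assumption of this example: genuine root NS targets are [a-m].root-servers.net.
ROOT_NS = re.compile(r"^[a-m]\.root-servers\.net\.$", re.IGNORECASE)

# Record sections copied from the dig output quoted in the message above.
SAMPLE = """\
;; ANSWER SECTION:
www.sme.sk. 3561 IN A 216.65.1.69
;; AUTHORITY SECTION:
. 3598 IN NS ns0.freewebsites.com.
. 3598 IN NS ns1.freewebsites.com.
;; ADDITIONAL SECTION:
ns0.freewebsites.com. 3598 IN A 216.65.1.2
ns1.freewebsites.com. 64687 IN A 216.65.1.3
;; Query time: 159 msec
"""

def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^;; (\w+) SECTION:$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.startswith(";;"):
            current = None              # any other ";;" line ends the current section
        elif line and not line.startswith(";") and current:
            fields = line.split(None, 4)
            if len(fields) == 5 and fields[2] == "IN":
                owner, ttl, _, rtype, rdata = fields
                sections[current].append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return sections

def bogus_root_delegation(sections):
    """Return [(ns_name, glue_address_or_None)] for non-root servers listed as NS of '.'."""
    records = sections.get("ANSWER", []) + sections.get("AUTHORITY", [])
    bad = sorted({rd for o, _, t, rd in records
                  if o == "." and t == "NS" and not ROOT_NS.match(rd)})
    glue = {o: rd for o, _, t, rd in sections.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    return [(ns, glue.get(ns)) for ns in bad]

if __name__ == "__main__":
    for ns, addr in bogus_root_delegation(parse_dig(SAMPLE)):
        print(f"suspicious root NS: {ns} (glue: {addr})")
```

Run against the output of `dig @resolver name` for each recursive resolver you depend on; any hit means the resolver's cache holds a root delegation that should be flushed and investigated.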