
Re: FW: [Full-Disclosure] Question for DNS pros



On Tue, Aug 03, 2004 at 05:23:16PM -0500, Frank Knobbe brazenly wrote:
> hmm... I think it's a bit early to say that. After all, why doesn't it
> contact other systems? Why would it have to recheck in the first place?
> And why would it use a) a valid DNS query, b) an obscure, non-standard
> SYN packet, and c) a DNS query *specifically* including the "pinged"
> hosts' IP address in reverse notation? I strongly doubt that the F5
> engineers thought *that* would be a good way to see if a host is still
> alive.

BigIP does some weird things, I wouldn't put it past them in their idea
of making things more efficient for users (and, conversely, more of a
hassle for admins/infosec).

> Even if, what would the BigIP gain from it? Nuttin' (as we say here in
> TN :)

This was originally brought up when people thought windowsupdate was
attacking them or hacked.

http://slashdot.org/articles/03/08/15/1730200.shtml?tid=109&tid=126&tid=172&tid=187
http://lists.sans.org/pipermail/list/2002-January/034249.html

This stuff SOUNDS similar in weird-oddity-nature.


-- 
When little kids ask where rain comes from, I think a cute thing to tell him
is "God is crying." And if he asks why God is crying, another cute thing to
tell him is "Probably because of something you did."            - Jack Handy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html