...and that is precisely how it gets around the "security". See, your
request to the company internal DNS servers cannot be answered without
the internal name servers going out to get the answer. They consult the
root servers to see who is SOA, then go ask them... you make your house
the SOA.
        While your company computer is not querying your SOA directly, the
company internal DNS servers are acting as a proxy... in that they are
going out and getting the info from the SOA for the domain you just
asked to resolve... and that SOA is in on your plot to take over the
world.
        In one direction you are querying, by way of the internal company
DNSes, and in the other the replies come back to you, by way of the
internal DNSes.


On Fri, 2008-02-22 at 09:41 -0800, Alan wrote:
> On Fri, February 22, 2008 9:13 am, Michael J McCafferty wrote:
> >
> > I saw this talk at Toorcon a few years ago, when my work was more
> > security related:
> >
> > http://www.doxpara.com/dns_tc/Black_Ops_DNS_TC_files/v3_document.htm
> >
> > Wrap your head around it then make it go ! You can do anything and
> > everything you are not allowed to at work now !! Muahahaha ! Nobody ever
> > expects DNS !!!
> >
> 
> 
> Ok, if I understand this right, the idea is that the internal client makes
> DNS requests, which are then passed to my.homeserver.net, which returns
> arbitrary data in the form of TXT fields thus allowing, say, SSH to be
> encapsulated in the DNS requests.
> 
> But in a locked down environment, why would local clients be allowed DNS
> requests to the outside world?
> I would think the local DNS would be set up to resolve only mycorp.com
> addresses with web browsing set up to use a proxy (with the proxy doing the
> resolving for outside addresses).
> 
> Or maybe I'm just missing something simple.
> 
> -ajb
> 
> 
> 
-- 
************************************************************
Michael J. McCafferty
Principal, Security Engineer
M5 Hosting
http://www.m5hosting.com

You can have your own custom Dedicated Server up and running today !
RedHat Enterprise, CentOS, Fedora, Debian, OpenBSD, FreeBSD, and more
************************************************************


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
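
Seen from the internal resolver's side, the relaying described in this thread leaves a recognizable pattern in the query log: one client sending many unique, long, random-looking names under a single outside zone, often as TXT lookups. The sketch below is an added example, not part of the original thread; the log format, the thresholds, the two-label zone split and the `homeserver.example` name are all assumptions, and the log lines are constructed.

```python
import math
from collections import defaultdict

# Constructed resolver query log, "client qtype qname" per line (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 A www.example.org
10.0.0.5 A a1.cdn.example
10.0.0.5 A a2.cdn.example
10.0.0.5 A a3.cdn.example
10.0.0.5 A a4.cdn.example
10.0.0.9 TXT k5xw4zdfojzxi2lnmvzgk3tuebqxezjr.homeserver.example
10.0.0.9 TXT nbswy3dpeb3w64tmmqqho2lunbuw4idb.homeserver.example
10.0.0.9 TXT orugs4zanfzsaylomv4gc3lqnrssa43f.homeserver.example
10.0.0.9 TXT mfzwk3tdn5sgkzbanfxca5dimuqfiwdu.homeserver.example
"""

MIN_UNIQUE, MIN_LEN, MIN_ENTROPY = 4, 24, 3.0  # assumed thresholds, tune per site

def entropy(s):
    """Shannon entropy in bits per character (0 for an empty string)."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def split_name(qname, zone_labels=2):
    """Split into (subdomain, parent zone); fixed two-label zones are a simplification."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[:-zone_labels]), ".".join(parts[-zone_labels:])

def suspicious_zones(log_text):
    """Return {(client, zone): stats} for zones whose queries look like a data channel."""
    seen = defaultdict(lambda: {"subs": set(), "txt": 0, "total": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, qtype, qname = fields
        sub, zone = split_name(qname)
        rec = seen[(client, zone)]
        rec["subs"].add(sub)
        rec["total"] += 1
        rec["txt"] += qtype.upper() == "TXT"
    flagged = {}
    for key, rec in seen.items():
        subs = rec["subs"]
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(entropy, subs)) / len(subs)
        # Many unique names alone is normal (CDNs); require long, high-entropy labels too.
        if len(subs) >= MIN_UNIQUE and mean_len >= MIN_LEN and mean_ent >= MIN_ENTROPY:
            flagged[key] = {"unique": len(subs), "mean_len": mean_len,
                            "txt_ratio": rec["txt"] / rec["total"]}
    return flagged
```

On the constructed log only the 10.0.0.9 / `homeserver.example` pair is flagged; the four short `cdn.example` names meet the unique-name count but fail the length and entropy checks.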