Re: lug-bg: Fwd: [net] com and net zone wildcard records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 z napraktika ne otgovoria:)) Toi prosto vryshta hop-s... opitai sam: dig @z.gtld-servers.net www.redhat.com i shte poluchish prosto serverite za imena za TLD COM. Nishto drugo. Tova ne e rabotesht server. Prosto teglish cache. Eto kak izglezhda istinskia otgovor: [EMAIL PROTECTED] 9]# dig @b.gtld-servers.net www.redhat.com ; <<>> DiG 9.2.2rc1 <<>> @b.gtld-servers.net www.redhat.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27613 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;www.redhat.com.IN A ;; AUTHORITY SECTION: redhat.com. 172800 IN NS ns2.redhat.com. redhat.com. 172800 IN NS ns3.redhat.com. redhat.com. 172800 IN NS ns1.redhat.com. ;; ADDITIONAL SECTION: ns2.redhat.com. 172800 IN A 66.187.224.210 ns3.redhat.com. 172800 IN A 66.187.229.10 ns1.redhat.com. 172800 IN A 66.187.233.210 ;; Query time: 515 msec ;; SERVER: 192.33.14.30#53(b.gtld-servers.net) ;; WHEN: Tue Sep 16 18:18:41 2003 ;; MSG SIZE rcvd: 134 [EMAIL PROTECTED] 9]# T.e. z ne vryshta otgovori, a podava samo hint cache... nishto poveche:)) Beco On Tuesday 16 Sep 2003 17:39, Борис Йорданов wrote: > On Tuesday 16 September 2003 21:12, Yasen Balev wrote: > > Има решение - май > > не всички root сървъри връщат бозата. > > нямам време да проверя, но някой да състави > > списъче? > > > > просто задраскваме от списъка виновните и > > това е. > > Съмнявам се, в момента само z не отговаря с > това и сигурно няма да е за > дълго. > === >= A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara > Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > === >= -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE/ZylA+48lZPXaa+MRAv6RAJ9+S9vveOhjJfRrA+B7zAnw/WIimQCfWOfr 3jXEnFhu2qIHpfyHVVP6eVk= =dbm6 -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: Fwd: [net] com and net zone wildcard records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Az naistina ne iskah da se zaiazhdam i da pisha po temata.. ama tova e malko prekalenichko. Vsichki opisani v zonata na gtld-servers.net serveri za imena (t.e. imashti NS opisanie) sa ot a do m i davat edin i syshti otgovori... Viarno, che VeriSign si praviat kakvoto iskat, no pone ne sa chak takiva nekadyrnici, che da ostaviat ednite DNS serveri da davat edno, a drugite drugo kato otgovor na zaiavka. Eto i serverite za imena, koito upravliavat napraktika gTLD zonite i davat zaiavki: a.gtld-servers.net b.gtld-servers.net c.gtld-servers.net d.gtld-servers.net e.gtld-servers.net f.gtld-servers.net g.gtld-servers.net h.gtld-servers.net i.gtld-servers.net j.gtld-servers.net k.gtld-servers.net l.gtld-servers.net m.gtld-servers.net Tezi serveri davat AUTHORITATIVE-ni otgovori za gTLD domainite. Osven tiah x.gtld-servers.net raboti i vryshta otgovori, no i toi podava bogus wildcard-a. Primer [EMAIL PROTECTED] home]# dig @a.gtld-servers.net -t ns com ; <<>> DiG 9.2.2 <<>> @a.gtld-servers.net -t ns com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33777 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 ;; QUESTION SECTION: ;com. IN NS ;; ANSWER SECTION: com.172800 IN NS i.gtld-servers.net. com.172800 IN NS j.gtld-servers.net. com.172800 IN NS d.gtld-servers.net. com.172800 IN NS g.gtld-servers.net. com.172800 IN NS l.gtld-servers.net. com.172800 IN NS e.gtld-servers.net. com.172800 IN NS f.gtld-servers.net. com.172800 IN NS c.gtld-servers.net. com.172800 IN NS k.gtld-servers.net. com.172800 IN NS m.gtld-servers.net. com.172800 IN NS b.gtld-servers.net. com.172800 IN NS h.gtld-servers.net. com.172800 IN NS a.gtld-servers.net. ;; ADDITIONAL SECTION: i.gtld-servers.net. 172800 IN A 192.43.172.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 m.gtld-servers.net. 172800 IN A 192.55.83.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 a.gtld-servers.net. 172800 IN A 192.5.6.30 ;; Query time: 436 msec ;; SERVER: 192.5.6.30#53(a.gtld-servers.net) ;; WHEN: Tue Sep 16 18:02:55 2003 ;; MSG SIZE rcvd: 453 [EMAIL PROTECTED] home]# Vizhte flaga "aa". Proverete posle sami slednoto: $ dig @X.gtld-servers.net www.nesyshtestvuvasht-domain.com kato menite X ot a do m i shte vidite, che vsichki te vryshtat bogus wildcard zapisa. Drugi serveri za imena za gTLD zonite poddyrzhani ot VeriSign niama! Kyde gi vizhdate ne moga da razbera. Edinstvenia do momenta nachin da se premahne problema e da se filtruva bogus wildcard adresa 64.94.110.11 i da se sledi dali VeriSign, koito sa stari moshenici, niama da go smeniat po niakoe vreme. Beco On Tuesday 16 Sep 2003 21:12, Yasen Balev wrote: > Има решение - май > не всички root сървъри връщат бозата. > нямам време да проверя, но някой да състави > списъче? > > просто задраскваме от списъка виновните и > това е. > > On Tuesday 16 September 2003 14:54, Борис Йорданов wrote: > > За Боян Кроснов - надявам се нямаш против, че > > го поствам тук. Смятам, че > > ще > > === >= A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara > Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > === >= -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE/ZyiC+48lZPXaa+MRAmGxAJ92UopZ7FRFKIhHmBknEpw/pkexeQCfetDI 2EQyIoQwinLlsYAqkisV95k= =SSxn -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ===
Re: lug-bg: Fwd: [net] com and net zone wildcard records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 e puk az vijdam samo 25-ti port otvoren... za kakvo http govorim? :) za tezi na koito im e interesno : [EMAIL PROTECTED]:/mnt/storage]# nmap -vvv -sS -P0 -O 64.94.110.11 Starting nmap 3.27 ( www.insecure.org/nmap/ ) at 2003-09-16 17:43 EEST Host sitefinder-idn.verisign.com (64.94.110.11) appears to be up ... good. Initiating SYN Stealth Scan against sitefinder-idn.verisign.com (64.94.110.11) at 17:43 Adding open port 25/tcp The SYN Stealth Scan took 159 seconds to scan 1623 ports. For OSScan assuming that port 25 is open and port 1 is closed and neither are firewalled Insufficient responses for TCP sequencing (3), OS detection may be less accurate For OSScan assuming that port 25 is open and port 1 is closed and neither are firewalled Insufficient responses for TCP sequencing (3), OS detection may be less accurate For OSScan assuming that port 25 is open and port 1 is closed and neither are firewalled Insufficient responses for TCP sequencing (2), OS detection may be less accurate Interesting ports on sitefinder-idn.verisign.com (64.94.110.11): (The 1603 ports scanned but not shown below are in state: closed) Port State Service 23/tcp filteredtelnet 25/tcp opensmtp 79/tcp filteredfinger 80/tcp filteredhttp 135/tcpfilteredloc-srv 136/tcpfilteredprofile 137/tcpfilterednetbios-ns 138/tcpfilterednetbios-dgm 139/tcpfilterednetbios-ssn 161/tcpfilteredsnmp 162/tcpfilteredsnmptrap 445/tcpfilteredmicrosoft-ds 514/tcpfilteredshell /tcp filteredkrb524 4899/tcp filteredradmin 6969/tcp filteredacmsoda 12345/tcp filteredNetBus 12346/tcp filteredNetBus 31337/tcp filteredElite 54320/tcp filteredbo2k No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=3.27%P=i686-pc-linux-gnu%D=9/16%Time=3F672263%O=25%C=1) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T7(Resp=N) PU(Resp=N) Uptime 40.695 days (since Thu Aug 7 01:06:15 2003) Nmap run completed -- 1 IP address (1 host up) scanned in 194.130 seconds On Tuesday 16 September 2003 15:54, Борис Йорданов wrote: > За Боян Кроснов - надявам се нямаш против, че > го поствам тук. Смятам, че ще > представлява интерес за групата. - -- Regards, Kamen Sharlandjiev System Administrator NetBG Communication ICQ: 50729493 Tel: +359 2 962 43 52 Cell Phone: +359 887 233 900 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/ZyjtkdFVw8Y0fT0RAssLAKCSwc8AfRLz+QhrcupNB4hUfoIT1gCdH68r V4TyJdEGtAxeqpgF0Dbp6+w= =QAHN -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: Fwd: [net] com and net zone wildcard records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 16 September 2003 21:12, Yasen Balev wrote: > Има решение - май > не всички root сървъри връщат бозата. > нямам време да проверя, но някой да състави > списъче? > > просто задраскваме от списъка виновните и > това е. Съмнявам се, в момента само z не отговаря с това и сигурно няма да е за дълго. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/ZyCKKDHlLar/ewgRAoRkAJ47F2KY+HWeJb/uJl1wz3YEu1lp3gCgo5Iy wf1GtICCfbxdvUXfgNzCOYs= =hPgv -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: Fwd: [net] com and net zone wildcard records
Има решение - май не всички root сървъри връщат бозата. нямам време да проверя, но някой да състави списъче? просто задраскваме от списъка виновните и това е. On Tuesday 16 September 2003 14:54, Борис Йорданов wrote: > За Боян Кроснов - надявам се нямаш против, че > го поствам тук. Смятам, че ще A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
lug-bg: Fwd: [net] com and net zone wildcard records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 За Боян Кроснов - надявам се нямаш против, че го поствам тук. Смятам, че ще представлява интерес за групата. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/ZwgSKDHlLar/ewgRAtsbAJ9cdLoOU1L5hMy9zngBkXwljJiS6QCeMz5G Bz245XcKoFlmsnMAus9/920= =3E7p -END PGP SIGNATURE- --- Begin Message --- Ot dnes sutrinta Verisign vryshtat A zapis za vsqko ime v neregistriran domain v .com i .net tld zonite. primer: [EMAIL PROTECTED]:~/web/stuff$ dig www.boyan-krosnov.com @a.gtld-servers.net ; <<>> DiG 9.2.1 <<>> www.boyan-krosnov.com @a.gtld-servers.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56575 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13 ;; QUESTION SECTION: ;www.boyan-krosnov.com. IN A ;; ANSWER SECTION: www.boyan-krosnov.com. 900 IN A 64.94.110.11 - i t.n. Tova e ujasna ideq i schupva nqkolko fundamentalno vajni neshta. Pyrvite za koito se seshtam: 1. domain s dva MX recorda. MX record-a s po-golqm prioritet e s sbyrkano ime primerno ludost.net. MX 10 mx1.ladost.net ludost.net. MX 20 mx2.ludost.net Do sega tazi shema e rabotila vypreki pravopisnata greshka v konfiguraciqta. Sega vichkata poshta za ludost net shte hodi na mx1.ladost.net -> 64.91.110.11 i shte se dropi tam 2. Do sega v SMTP protokola kogato nqkoj se opita da se predstavi s HELO, s ime koeto ne syshtestvuva, konekciqta se prekysva. Sega vsqko ime v .com i .net syshtestvuva. Syshto imeto na domain ili host ot envelope from adresa (RCPT TO: komandata) e zadyljitelno da syshtestvuva . Sega vseki izmislen host v .com i .net syshtestvuva. 3. WPAC (web proxy auto-configuration). Predstavete si windows 2000 pc s konfiguriran domain ahglhdskjg.com i ime alabala.ahglhdskjg.com. S nastrojkite po podrazbirane pc-to shte pita za A zapis za wpac.ahglhdskjg.com. posle shte se opita da se vyrje na tazi mashina i da iztegli fail za avtomatichna nastojka na proxy-to. E, sega veche e vyzmojno Verisign (ili kojto hackne web servera im) da vi nastroi kakvoto proxy na nego mu e udobno na vsichki mashini s defaultni nastrojki i nesyshtestvuvash domain. 4. Security probiv v tozi web server 64.91.110.11 avtomatichno dava na napadatelq vyzmojnost da pronikni v milioni sistemi po celiq svqt (windows-i s nepatchnati internet exploreri). Da vi e chestit doom-a na internet-a. 5. Nishto konkretno ne pravqt v momenta s vsichki drugi paketi i konekcii koito sluchajno popadat tam ( za sega obrabotvat samo HTTP i SMTP) , no nishto ne gi spira da zapochnat da obrabotvat primerno pop3 i da kradat paroli na potrebiteli, koito si vyvejdat imeto mail syrvyra greshno. Tova e edin ogromen probiv v privacy-to ne vsichki ni. 6. Web server i SMTP software kojto se tyrkalq na tozi adres ne e bezbygav. Vidqh veche cross-site scripting prez http syrvyra tam, a smtp syrvyra e v totalno narushenie na edna kamara rfc-ta. -- Vyprosa e kakvo da pravim i tozi pyt nqma da vi kazvam kakvo mislq az da pravq za da ne naklonq diskusiqta v edna ili druga posoka. BR, Boyan Krosnov, CCIE#8701 and more just another techie speaking for himself --- End Message ---