Re: Odd log messages from ISC BIND named

2009-02-03 Thread Bill McGonigle
On 02/03/2009 12:11 AM, Ben Scott wrote: So, we had around 100 of these show up in the log A hundred doesn't sound like enough to cause any trouble for the usual BIND exploits or DoS's nor are the names astonishingly long or anything. Odd. -Bill -- Bill McGonigle, Owner Work:

Re: UNIX vs Unix (was: Time for Linux)

2009-02-03 Thread Bill McGonigle
Great story, but illustrative of the problem: On 02/01/2009 04:11 PM, Jon 'maddog' Hall wrote: Whether or not Dennis wanted to change it, UNIX(R) as registered by the Open Group, holder of the standard, the brand and the trademark, is UNIX (all big caps). Which is why most folks avoid its

Re: Suqashing Facebook (WAS: Conducting GNHLUG business on Facebook (was Stop! Unix Time))

2009-02-03 Thread Bill McGonigle
On 02/02/2009 12:35 AM, virgins...@vfemail.net wrote: Instead of hosting a Web site in order to host a Web site, people are putting pages on third-party services like Facebook. Most people don't want websites, actually. They want to share photos and prose with their friends. Fewer still

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Cole Tuininga
On Tue, 2009-02-03 at 00:11 -0500, Ben Scott wrote: So, we had around 100 of these show up in the log from Sunday on liberty.gnhlug.org, all from the same IP address, all with similar but apparently never the same name pattern: client 192.0.2.42 query (cache)

Re: UNIX vs Unix (was: Time for Linux)

2009-02-03 Thread Jon 'maddog' Hall
I remember when Unix (instead of UNIX) first started appearing. It was when the popular press started writing about it. I was working for DEC and there was a flurry that lasted for about two or three months while our legal department kept trying to get the press to do all CAPS in the press

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Chip Marshall
On February 03, 2009, Cole Tuininga sent me the following: On Tue, 2009-02-03 at 00:11 -0500, Ben Scott wrote: client 192.0.2.42 query (cache) 'aaccmmfwxdlaaabaaafbbfpg/NS/IN' denied: 1 Time(s) client 192.0.2.42 query (cache) 'abbcnefwxdlaaabaaafbkkag/NS/IN' denied: 1

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Ben Scott
On Tue, Feb 3, 2009 at 11:07 AM, Chip Marshall c...@2bithacker.net wrote: Could be cache-probing as well. ... Not sure how useful it is to know what people have been looking up ... But none of those domain names are even close to valid, and while I didn't check each and every one, it didn't

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Chip Marshall
On February 03, 2009, Ben Scott sent me the following: But none of those domain names are even close to valid, and while I didn't check each and every one, it didn't look like there were any repeats. How would that lead to info about cached queries? Oh, I thought you had obfuscated the

Re: Suqashing Facebook (WAS: Conducting GNHLUG business on Facebook (was Stop! Unix Time))

2009-02-03 Thread Arc Riley
On Tue, Feb 3, 2009 at 9:35 AM, Thomas Charron twaf...@gmail.com wrote: Your example is slightly counter to your argument. The thought put forth is that everyone can run a server of their own, with their own web sites, etc. So I'd be thomaschar...@kilomonkies.com. And how is gnhlug.org

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Mark E. Mallett
On Tue, Feb 03, 2009 at 12:44:01PM -0500, Chip Marshall wrote: On February 03, 2009, Ben Scott sent me the following: But none of those domain names are even close to valid, and while I didn't check each and every one, it didn't look like there were any repeats. How would that lead to

Re: Suqashing Facebook (WAS: Conducting GNHLUG business on Facebook (was Stop! Unix Time))

2009-02-03 Thread Thomas Charron
On Tue, Feb 3, 2009 at 4:41 AM, Bill McGonigle b...@bfccomputing.com wrote: On 02/02/2009 12:35 AM, virgins...@vfemail.net wrote: Instead of hosting a Web site in order to host a Web site, people are putting pages on third-party services like Facebook. Most people don't want websites,

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Ben Scott
On Tue, Feb 3, 2009 at 3:08 PM, virgins...@vfemail.net wrote: But judging by the differences between the queries, this is more likely a known-plaintext attack on a WEP, a VPN, or similar. Okay, I might buy that, but what's it doing on our DNS server? This wasn't simply a misconfigured DNS

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Mark E. Mallett
On Tue, Feb 03, 2009 at 05:11:51PM -0500, Bruce Dawson wrote: Is it possible those strings are I18l names? (I seem to remember there being a movement a while back trying to international-ize the DNS space.) Like punycoded? Seems like you'd just see ASCII names starting with xn-- for that;

Re: Odd log messages from ISC BIND named

2009-02-03 Thread VirginSnow
Date: Tue, 3 Feb 2009 16:52:01 -0500 From: Ben Scott dragonh...@gmail.com On Tue, Feb 3, 2009 at 3:08 PM, virgins...@vfemail.net wrote: But judging by the differences between the queries, this is more likely a known-plaintext attack on a WEP, a VPN, or similar. Okay, I might buy

Re: Ethernet NICs w/ USB host attach?

2009-02-03 Thread Ben Scott
Based on Jarod Wilson's information, I purchased one of the following: Mfg: StarTech Mfg P/N: USB2105S Chipset: Moschip 7830 Linux driver: mcs7830 Supplier: CDW Supplier P/N: 1288904 Cost: $12.99 + S/H/tax http://www.cdw.com/shop/products/default.aspx?edc=1288904 It works pretty well for the

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Ben Scott
On Tue, Feb 3, 2009 at 1:11 PM, Mark E. Mallett m...@mv.mv.com wrote: It's possible that somebody's testing using random query names instead of . -- . is pretty easy to look for in the logs, but the random names are more difficult. So why not just query for google.com. or something else

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Bruce Dawson
Is it possible those strings are I18l names? (I seem to remember there being a movement a while back trying to international-ize the DNS space.) --Bruce Ben Scott wrote: On Tue, Feb 3, 2009 at 1:11 PM, Mark E. Mallett m...@mv.mv.com wrote: It's possible that somebody's testing using random

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Ben Scott
On Tue, Feb 3, 2009 at 6:29 PM, virgins...@vfemail.net wrote: Okay, I might buy that, but what's it doing on our DNS server? If the payload space being searched included the destination IP field, the destination IP could just coincidentally have been that of liberty. Maybe I'm

Re: Odd log messages from ISC BIND named

2009-02-03 Thread VirginSnow
Date: Tue, 3 Feb 2009 18:58:51 -0500 From: Ben Scott dragonh...@gmail.com On Tue, Feb 3, 2009 at 6:29 PM, virgins...@vfemail.net wrote: Okay, I might buy that, but what's it doing on our DNS server? If the payload space being searched included the destination IP field, the destination

Re: Odd log messages from ISC BIND named

2009-02-03 Thread Thomas Charron
On Wed, Feb 4, 2009 at 12:11 AM, virgins...@vfemail.net wrote: Close. Known plaintext is when you know the plaintext P1 for a corresponding ciphertext C1 and want to know the plaintext P2 for another ciphertext C2. There are many ways of achieving that, but the most *general* is finding the