On Wed, Feb 4, 2009 at 8:31 AM, virgins...@vfemail.net wrote:
Date: Wed, 4 Feb 2009 00:45:17 -0500
From: Thomas Charron twaf...@gmail.com
Cc: gnhlug-discuss@mail.gnhlug.org
WHAT Cryptosystem? How do you jump from '100 oddball DNS requests'
to 'cryptosystem'?
Have you been following the
On Wed, Feb 4, 2009 at 10:38 AM, virgins...@vfemail.net wrote:
Date: Wed, 4 Feb 2009 09:44:28 -0500
From: Thomas Charron twaf...@gmail.com
Cc: gnhlug-discuss@mail.gnhlug.org
you're saying, but how you got there is an awfully rocky road. For
instance, your logic is flawed when it comes to it
Date: Wed, 4 Feb 2009 00:45:17 -0500
From: Thomas Charron twaf...@gmail.com
Cc: gnhlug-discuss@mail.gnhlug.org
WHAT Cryptosystem? How do you jump from '100 oddball DNS requests'
to 'cryptosystem'?
Have you been following the known plaintext attack thread? If not,
please reread.
You
Date: Wed, 4 Feb 2009 11:15:26 -0500
From: Thomas Charron twaf...@gmail.com
Cc: gnhlug-discuss@mail.gnhlug.org
The entire purpose for the attack potentials you mentioned would
have NOTHING to do with attacking liberty.
Correct.
To break it down, the sort of attack you are inferring
On Wed, Feb 4, 2009 at 1:00 PM, virgins...@vfemail.net wrote:
Date: Wed, 4 Feb 2009 11:15:26 -0500
From: Thomas Charron twaf...@gmail.com
Cc: gnhlug-discuss@mail.gnhlug.org
To break it down, the sort of attack you are inferring would be
utilized when an entity was able to observe some form
On 02/03/2009 12:11 AM, Ben Scott wrote:
So, we had around 100 of these show up in the log
A hundred doesn't sound like enough to cause any trouble for the usual
BIND exploits or DoS's nor are the names astonishingly long or anything.
Odd.
-Bill
--
Bill McGonigle, Owner Work:
On Tue, 2009-02-03 at 00:11 -0500, Ben Scott wrote:
So, we had around 100 of these show up in the log from Sunday on
liberty.gnhlug.org, all from the same IP address, all with similar
but apparently never the same name pattern:
client 192.0.2.42 query (cache)
On February 03, 2009, Cole Tuininga sent me the following:
On Tue, 2009-02-03 at 00:11 -0500, Ben Scott wrote:
client 192.0.2.42 query (cache)
'aaccmmfwxdlaaabaaafbbfpg/NS/IN' denied: 1 Time(s)
client 192.0.2.42 query (cache)
'abbcnefwxdlaaabaaafbkkag/NS/IN' denied: 1
On Tue, Feb 3, 2009 at 11:07 AM, Chip Marshall c...@2bithacker.net wrote:
Could be cache-probing as well. ... Not sure how useful
it is to know what people have been looking up ...
But none of those domain names are even close to valid, and while I
didn't check each and every one, it didn't
On February 03, 2009, Ben Scott sent me the following:
But none of those domain names are even close to valid, and while I
didn't check each and every one, it didn't look like there were any
repeats. How would that lead to info about cached queries?
Oh, I thought you had obfuscated the
On Tue, Feb 03, 2009 at 12:44:01PM -0500, Chip Marshall wrote:
On February 03, 2009, Ben Scott sent me the following:
But none of those domain names are even close to valid, and while I
didn't check each and every one, it didn't look like there were any
repeats. How would that lead to
On Tue, Feb 3, 2009 at 3:08 PM, virgins...@vfemail.net wrote:
But judging by the differences between the queries, this is
more likely a known-plaintext attack on a WEP, a VPN,
or similar.
Okay, I might buy that, but what's it doing on our DNS server? This
wasn't simply a misconfigured DNS
On Tue, Feb 03, 2009 at 05:11:51PM -0500, Bruce Dawson wrote:
Is it possible those strings are I18N names? (I seem to remember there
being a movement a while back trying to international-ize the DNS space.)
Like punycoded? Seems like you'd just see ASCII names starting with
xn-- for that;
Date: Tue, 3 Feb 2009 16:52:01 -0500
From: Ben Scott dragonh...@gmail.com
On Tue, Feb 3, 2009 at 3:08 PM, virgins...@vfemail.net wrote:
But judging by the differences between the queries, this is
more likely a known-plaintext attack on a WEP, a VPN,
or similar.
Okay, I might buy
On Tue, Feb 3, 2009 at 1:11 PM, Mark E. Mallett m...@mv.mv.com wrote:
It's possible that somebody's testing using random query names instead
of . -- . is pretty easy to look for in the logs, but the random
names are more difficult.
So why not just query for google.com. or something else
Is it possible those strings are I18N names? (I seem to remember there
being a movement a while back trying to international-ize the DNS space.)
--Bruce
Ben Scott wrote:
On Tue, Feb 3, 2009 at 1:11 PM, Mark E. Mallett m...@mv.mv.com wrote:
It's possible that somebody's testing using random
On Tue, Feb 3, 2009 at 6:29 PM, virgins...@vfemail.net wrote:
Okay, I might buy that, but what's it doing on our DNS server?
If the payload space being searched included the destination IP field,
the destination IP could just coincidentally have been that of
liberty.
Maybe I'm
Date: Tue, 3 Feb 2009 18:58:51 -0500
From: Ben Scott dragonh...@gmail.com
On Tue, Feb 3, 2009 at 6:29 PM, virgins...@vfemail.net wrote:
Okay, I might buy that, but what's it doing on our DNS server?
If the payload space being searched included the destination IP field,
the destination
On Wed, Feb 4, 2009 at 12:11 AM, virgins...@vfemail.net wrote:
Close. Known plaintext is when you know the plaintext P1 for a
corresponding ciphertext C1 and want to know the plaintext P2 for
another ciphertext C2. There are many ways of achieving that, but the
most *general* is finding the
So, we had around 100 of these show up in the log from Sunday on
liberty.gnhlug.org, all from the same IP address, all with similar
but apparently never the same name pattern:
client 192.0.2.42 query (cache)
'aaccmmfwxdlaaabaaafbbfpg/NS/IN' denied: 1 Time(s)
client 192.0.2.42 query
20 matches