dns spoofing?

Barry Margolin barmar at genuity.net
Sat Mar 2 01:41:51 UTC 2002


In article <a5p6pt$6g0 at pub3.rc.vix.com>, Kory <kbot101 at hotmail.com> wrote:
>
>I'm very new to the world of DNS but I'm curious, how exactly would
>one go about doing this? If it is too hard to explain then could you
>please point me to a location where I could read and learn about it?

It's not too hard to explain, it's too easy to explain.  There's absolutely
nothing special to do.  If you host a reverse domain, you can put anything
you want in the hostname fields of the records.

However, most applications that care about reverse DNS for anything
critical (like security checks) do an extra check, to prevent this from
being a problem.  After they do a reverse lookup, they then look up the
name that was returned, and check whether it resolves to the address they
started with.  If not, they reject the name that the reverse lookup
returned, or at least warn someone (in mail headers you'll often see "may
be spoofed" in Received lines, as a result of this type of check).

>"Cricket Liu" <cricket at menandmice.com> wrote in message
>news:<a5bga9$aum at pub3.rc.vix.com>...
>> > I do an nslookup on ns1.catalyst.net and I have:
>> > Query Sent: NS1.CATALYST.NET
>> > Started at: 17:31:19
>> > Stopped at: 17:31:19
>> > Server:  ns.ceti.pl
>> > Address:  62.121.128.50
>> > Non-authoritative answer:
>> > Name:    NS1.CATALYST.NET
>> > Address:  216.102.118.230
>> > 
>> > When I do an nslookup on 216.102.118.230 I have:
>> > Query Sent: 216.102.118.230
>> > Started at: 17:32:24
>> > Stopped at: 17:32:25
>> > Server:  ns.ceti.pl
>> > Address:  62.121.128.50
>> > Name:    MrYowler.WOPR12.su
>> > Address:  216.102.118.230
>> > Aliases:  230.118.102.216.in-addr.arpa
>> > 
>> > MrYowler.WOPR12.su doesn't exist, how can it be done???
>> 
>> You can reverse map an IP address to any string you like, simply
>> by putting that string in the RDATA of the PTR record.  There's
>> no requirement that it be a real domain name.
>> 
>> cricket
>> 
>> Men & Mice
>> DNS Software, Training and Consulting
>> www.menandmice.com
>> 
>> Attend our next DNS and BIND class!  See
>> http://www.menandmice.com/8000/8000_dns_training.html
>> for the schedule and to register for upcoming classes
>


-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
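
The extra check described in the reply above (reverse lookup, then forward lookup of the returned name, then compare with the starting address), as an added example that is not part of the original post. The function names, status strings and sample tables are assumptions; the sample data is constructed, using the nslookup output quoted in the thread plus made-up 192.0.2.x entries.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def verify_reverse(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, name): 'verified', 'may be spoofed' or 'no PTR'."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no PTR", None)
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    return ("verified", name)   # name maps back to the address
            except ValueError:
                continue                         # e.g. scoped IPv6 literal
    return ("may be spoofed", names[0])          # report the name, do not trust it

# Constructed sample zone data. The first PTR entry and the ns1.catalyst.net
# address come from the nslookup output quoted in the thread; the 192.0.2.x
# entries and mail.example.net are made up for illustration.
SAMPLE_PTR = {
    "216.102.118.230": ["MrYowler.WOPR12.su"],   # name that does not exist
    "192.0.2.66": ["ns1.catalyst.net"],          # real name, someone else's address
    "192.0.2.10": ["mail.example.net"],          # consistent forward and reverse
}
SAMPLE_A = {"ns1.catalyst.net": ["216.102.118.230"], "mail.example.net": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name.rstrip(".").lower(), [])

if __name__ == "__main__":
    for ip in ["216.102.118.230", "192.0.2.66", "192.0.2.10", "192.0.2.99"]:
        print(ip, verify_reverse(ip, sample_ptr, sample_forward))
```

Called with no resolver arguments, verify_reverse() uses the system resolver instead of the sample tables.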


More information about the bind-users mailing list