DNS weirdness and cox communications - DAN Kaminsky Sensationalizes what Every HOSTMASTER already knows!

Lisa Kachold lisakachold at obnosis.com
Fri Aug 15 20:29:46 MST 2008


Dan Kaminsky gave a great presentation at DefCon 16 (which I couldn't get in to see - standing room only).

You can go to his site and read all about it.

http://www.doxpara.com/

There is even a fine DNS jscript "Check my DNS" button on the right side of the page!

And for those of you who appreciate humor:  http://flickr.com/photos/fakedankaminsky

But, really, every DNS admin, systems administrator and hostmaster knows well how random ports, recursion, insecure secondaries, and forwarders create issues for DNS tunneling, DNS poisoning and DNS hijacking - it's a bit ironic that now someone with their shingle hung out as a "security researcher" has the ability to foster industry changes?

"The only limiting factor of the Linux operating system, is his user."  - Linux Tordahl

iCrossing.com || (503)754-4452 Blackberry || Obnosis.com



> Date: Wed, 13 Aug 2008 23:21:27 -0700
> From: matrixm at gmail.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: DNS weirdness and cox communications
> 
> I'd say it's guaranteed cox. I'm having exact same problems and cox is
> the only provider involved. I've a friend who lives about two streets
> over from me, again having the same problems. Unfortunately, I've
> called cox and they basically are telling me it's my computer (all 7
> of them in my house) that are at fault, cause nothing on their network
> could cause that behavior. When I mentioned to them that others I've
> heard of were having these problems they were like "Oh, if that were
> the case we'd have a lot more calls, and we don't" then they dismissed
> me. I'm calling back tomorrow and going to talk to a manager and see
> if maybe I can get someone to accept they've screwed something up in
> their network and need to fix it.
> 
> On Mon, Aug 11, 2008 at 4:56 AM, Technomage Hawke
> <technomage.hawke at gmail.com> wrote:
> > yeah... could be just my connection..... in diverse places on cox (and
> > from what I see, also on qwest). someone suggested a possible routing
> > issue as well (more than likely the case).
> >
> > one other possible thought, the root DNS servers may not be accepting
> > connections from just "anybody".
> >
> > ASU's DNS servers are actually located within the qwest ip space.
> >
> > I have tried other DNS servers with variable results. I might have to
> > break out wireshark and see if I am getting connection resets on that
> > port. and run some tests with my clients over this week.
> >
> > anyway, I don't have enough available info to call it as a cox or a
> > qwest specific issue.
> >
> >
> > On 8/10/08, James Mcphee <jmcphe at gmail.com> wrote:
> >> If you're experiencing issues, then set up a job to query Cox and Qwest's
> >> and whoever's DNS servers at the same time and log it.  See if you're seeing
> >> a trend.  It could just be your connection.
> >>
> >>
> >> On Sun, Aug 10, 2008 at 12:07 AM, Craig White <craigwhite at azapple.com>
> >> wrote:
> >> >
> >> > On Sat, 2008-08-09 at 23:39 -0700, Technomage Hawke wrote:
> >> > > Over the last few weeks, I have noticed an increasing number of
> >> > > customer calls about network outages. Now on the surface, this might
> >> > > not seem all that relevant, However, these issues are not just windows
> >> > > centric.
> >> > >
> >> > > I have discovered a pattern to the outage problems I have been
> >> > > troubleshooting. it seems that cox is filtering dns traffic to anyone
> >> > > outside their own ip space. any attempt to use a DNS root server or
> >> > > even the ASU DNS servers results in many pages not being resolved. as
> >> > > soon as I set for the cox dns servers, all seems to work again.
> >> > >
> >> > > anyone else noticing this "filtering" on cox's part?
> >> > ----
> >> > no - it makes no sense, you can always test your theory out at any time
> >> > you want by running commands such as dig and host and if you really
> >> > care, you could run your own caching dns server which would obviously
> >> > need to access other dns servers to be worthwhile.
> >> >
> >> > Craig
> >> >
> >> >
> >> >
> >> >
> >> > ---------------------------------------------------
> >> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >> > To subscribe, unsubscribe, or to change your mail settings:
> >> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >> >
> >>
> >>
> >>
> >> --
> >> James McPhee
> >> jmcphe at gmail.com

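The logging job suggested in the quoted thread (query each provider's DNS servers at the same time, log the results, look for a trend), as an added example that is not part of the original posts. The resolver addresses are placeholders from documentation ranges, the function names and log format are assumptions, and the sample log is constructed.

```python
import secrets, socket, struct, time
from concurrent.futures import ThreadPoolExecutor

RESOLVERS = {"isp-a": "192.0.2.53", "isp-b": "198.51.100.53"}  # placeholders
SAMPLE_LOG = ["1218400000 isp-a example.com ok 0.031s",  # constructed sample
              "1218400000 isp-b example.com TimeoutError 3.000s",
              "1218400300 isp-b example.com ok 0.044s"]

def build_query(name, txid):
    """Encode a recursive A/IN question with the given 16-bit ID."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count), or None if the reply does not match."""
    if len(data) >= 12:
        rid, flags, _qd, ancount = struct.unpack("!HHHH", data[:8])
        if rid == txid and flags & 0x8000:  # ID matches and QR bit is set
            return flags & 0x000F, ancount
    return None

def probe(label, server, name, timeout=3.0):
    """Send one UDP query; return 'ts label name status latency'."""
    txid, start = secrets.randbelow(65536), time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # accept datagrams from this server only
            s.send(build_query(name, txid))
            reply = parse_reply(s.recv(4096), txid)
            status = "ok" if reply and reply[0] == 0 and reply[1] else "bad-reply"
        except OSError as exc:  # timeout, port unreachable, no route
            status = type(exc).__name__
    return f"{int(start)} {label} {name} {status} {time.time() - start:.3f}s"

def run_once(name, resolvers=RESOLVERS):
    """Probe every resolver concurrently so the results are comparable."""
    with ThreadPoolExecutor(len(resolvers)) as pool:
        return list(pool.map(lambda kv: probe(*kv, name), resolvers.items()))

def failure_rate(lines):
    """Per-resolver share of probes whose status is not ok."""
    stats = {}
    for _ts, label, _name, status, _lat in map(str.split, lines):
        total, bad = stats.get(label, (0, 0))
        stats[label] = (total + 1, bad + (status != "ok"))
    return {k: bad / total for k, (total, bad) in stats.items()}
```

Appending the lines from `run_once("example.com")` to a file every few minutes and feeding that file to `failure_rate` shows whether failures follow one provider's resolvers or the connection as a whole.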