I hate to feed a troll, but actually copy/paste can be EASIER with a unix desktop (sometimes too easy the single click paste takes a bit to get used to -- I used it for years way back when and was fine but once I started running Windows at work it was a little strange to switch back and forth).
In addition I write this comment on a win2k workstation. It is rather nice to have a clickable link so that in mozilla I can open in a new tab to process later. In other words actually have a hyperlink be clickable
Give him a break - you have to think to post anonymously (so be thinking about karma whoring to remember not to). He probably just didn't think about it.
And I've been bitching about SPF using DNS TXT records for longer than that. Don't people firewall their DNS anymore? If your inside a network and your trying to leak info out, DNS is the best way to do it.
Dan is literally *using* DNS to hide his traffic, not just using udp:53.
Even so, this still isn't that interesting. So you mime encode it (or whatever), tack on a domain, and talk to a rogue dns server. Anyone dealing with secure networks should know that having any opening to the internet is a security risk and take that into account when designing one's network.
Recursive lookup support isn't required to achieve incoming connectivity (see induced lookups), and being able to do lookups against the outside world isn't identified by anyone as a risk.
SO... is there any chance of developing a distributed, secure DNS implemenation that is backward-compatable?
Right now, we rely on 13 servers to run DNS, why not 26? Why even have root name servers at all? Could we develop a DNS system ala Usenet, that sends updates both up and down stream... And then just have the ability to slowly or quickly accept new incoming information as true based on various criteria, to avoid having bad information flooding the DNS servers?
So, it is now official. Nessus reports everything as a security hole;-)
I saw this presentation during Black Hat... it was impressive, but it just furthers the idea that perimeter security is merely a piece of the puzzle.
good stuff,
j
The opulence of the front office door varies inversely with the fundamental
solvency of the firm.
Old news (Score:5, Informative)
Re:Old news (Score:3, Informative)
http://cgi.nessus.org/plugins/dump.php3?id=1158
Re:Old news (Score:3, Informative)
Here's a link:
http://cgi.nessus.org/plugins/dump.php3?id=11580
And here's a clickable hyperlink (you may have seen these before):
http://cgi.nessus.org/plugins/dump.php3?id=11580 [nessus.org]
Seriously, it's not that hard! In Slashdot all you have to do is put <URL: at the start and > at the end.
Re:Old news (Score:2, Informative)
Mozilla: Select the url, middle click into a new tab. Bam.
Konqueror: Ibid.
Links (graphical): Select the url, hit g, middle click
Re:Old news (Score:2)
In addition I write this comment on a win2k workstation. It is rather nice to have a clickable link so that in mozilla I can open in a new tab to process later. In other words actually have a hyperlink be clickable
Re:Old news (Score:1)
Re:Old news (Score:1)
Re:Old news (Score:2)
Dan is literally *using* DNS to hide his traffic, not just using udp:53.
I know Dan and he's one of those people crazy (smart) enough to hack on something as dumb as this long enough to get something interesting out of it.
-davidu
Re:Old news (Score:3)
Even so, this still isn't that interesting. So you mime encode it (or whatever), tack on a domain, and talk to a rogue dns server. Anyone dealing with secure networks should know that having any opening to the internet is a security risk and take that into account when designing one's network.
Re:Old news (Score:3, Informative)
--Dan
Re:Old news (Score:2)
Right now, we rely on 13 servers to run DNS, why not 26? Why even have root name servers at all? Could we develop a DNS system ala Usenet, that sends updates both up and down stream... And then just have the ability to slowly or quickly accept new incoming information as true based on various criteria, to avoid having bad information flooding the DNS servers?
Re:Old news (Score:1)