Randy, thanks for sharing, I didn't know this is actually done. Any idea if
they use something clever or just exhaustive search? thanks Amir
-- 
Amir Herzberg

Comcast professor of Security Innovations, Computer Science and
Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:
https://sites.google.com/site/amirherzberg/cybersecurity




On Tue, Oct 31, 2023 at 6:49 PM Randy Bush <ra...@psg.com> wrote:

> i have blocked a zone enumerator, though i guess they will be a
> whack-a-mole
>
> others have reported them as well
>
> /home/randy> sudo tcpdump -pni vtnet0 -c 10 port 53 and net 193.235.141
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 22:42:39.516849 IP 193.235.141.90.32768 > 666.42.7.11.53: 14 NS? 33j4h.org.al. (30)
> 22:42:39.517640 IP 193.235.141.17.32768 > 666.42.7.11.53: 14 NS? 33m6d.xn--mgbayh7gpa. (38)
> 22:42:39.519169 IP 193.235.141.17.32768 > 666.42.7.11.53: 14 NS? 33lxd.tn. (26)
> 22:42:39.520064 IP 193.235.141.171.32768 > 666.42.7.11.53: 14 NS? 33md6.jo. (26)
> 22:42:39.521081 IP 193.235.141.247.32768 > 666.42.7.11.53: 14 NS? 33lxd.lb. (26)
> 22:42:39.523981 IP 193.235.141.162.32768 > 666.42.7.11.53: 14 NS? 33pd2.az. (26)
> 22:42:39.525043 IP 193.235.141.60.32768 > 666.42.7.11.53: 14 NS? 33nc5.com.al. (30)
> 22:42:39.526185 IP 193.235.141.209.32768 > 666.42.7.11.53: 14 NS? 33nc5.sz. (26)
> 22:42:39.527931 IP 193.235.141.150.32768 > 666.42.7.11.53: 14 NS? 33q5p.com.al. (30)
> 22:42:39.529516 IP 193.235.141.210.32768 > 666.42.7.11.53: 14 NS? 33qbq.com.al. (30)
> 10 packets captured
> 124 packets received by filter
> 0 packets dropped by kernel
>
> inetnum:        193.235.141.0 - 193.235.141.255
> netname:        domaincrawler-hosting
> descr:          domaincrawler hosting
> org:            ORG-ABUS1196-RIPE
> country:        SE
> admin-c:        VIJE1-RIPE
> tech-c:         VIJE1-RIPE
> status:         ASSIGNED PA
> notify:         c+1...@resilans.se
> mnt-by:         RESILANS-MNT
> mnt-routes:     ETTNET-LIR
> created:        2008-04-03T11:21:00Z
> last-modified:  2017-04-10T12:47:06Z
> source:         RIPE
>
> randy
>
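
One way to flag the pattern in the quoted capture automatically, as an added example that is not part of either message: it groups tcpdump query lines by source /24 and reports prefixes where several hosts together ask for names that are almost never repeated. The thresholds and the three `198.51.100.7` lines are constructed assumptions; the other sample lines are the capture from the thread with wrapped lines rejoined.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# tcpdump's one-line DNS query form: "IP src.port > dst.port: id[flags] TYPE? name. (len)"
QUERY = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \S+: \d+[+%]* (?:\[\w+\] )?(\w+)\? (\S+) \(")

# First ten lines: the capture quoted in the thread, wrapped lines rejoined.
# Last three lines: constructed traffic from an ordinary client, for contrast.
SAMPLE = """\
22:42:39.516849 IP 193.235.141.90.32768 > 666.42.7.11.53: 14 NS? 33j4h.org.al. (30)
22:42:39.517640 IP 193.235.141.17.32768 > 666.42.7.11.53: 14 NS? 33m6d.xn--mgbayh7gpa. (38)
22:42:39.519169 IP 193.235.141.17.32768 > 666.42.7.11.53: 14 NS? 33lxd.tn. (26)
22:42:39.520064 IP 193.235.141.171.32768 > 666.42.7.11.53: 14 NS? 33md6.jo. (26)
22:42:39.521081 IP 193.235.141.247.32768 > 666.42.7.11.53: 14 NS? 33lxd.lb. (26)
22:42:39.523981 IP 193.235.141.162.32768 > 666.42.7.11.53: 14 NS? 33pd2.az. (26)
22:42:39.525043 IP 193.235.141.60.32768 > 666.42.7.11.53: 14 NS? 33nc5.com.al. (30)
22:42:39.526185 IP 193.235.141.209.32768 > 666.42.7.11.53: 14 NS? 33nc5.sz. (26)
22:42:39.527931 IP 193.235.141.150.32768 > 666.42.7.11.53: 14 NS? 33q5p.com.al. (30)
22:42:39.529516 IP 193.235.141.210.32768 > 666.42.7.11.53: 14 NS? 33qbq.com.al. (30)
22:42:40.100000 IP 198.51.100.7.41000 > 666.42.7.11.53: 20+ A? www.example.org. (33)
22:42:41.100000 IP 198.51.100.7.41001 > 666.42.7.11.53: 21+ AAAA? www.example.org. (33)
22:42:42.100000 IP 198.51.100.7.41002 > 666.42.7.11.53: 22+ MX? example.org. (29)
"""

def summarize(lines):
    """Per source /24: query count, distinct hosts, query names and parent zones."""
    stats = defaultdict(lambda: {"queries": 0, "hosts": set(), "names": set(), "zones": set()})
    for line in lines:
        m = QUERY.search(line)
        if not m:
            continue  # not a DNS query line (header, counters, responses)
        src, _qtype, qname = m.groups()
        s = stats[str(ip_network(src + "/24", strict=False))]
        s["queries"] += 1
        s["hosts"].add(src)
        s["names"].add(qname.lower())
        s["zones"].add(qname.lower().partition(".")[2])  # name minus leftmost label
    return stats

def suspects(lines, min_queries=8, min_hosts=3, min_unique=0.9):
    """Prefixes whose hosts jointly ask many names with almost no repeats (assumed thresholds)."""
    return sorted(
        prefix for prefix, s in summarize(lines).items()
        if s["queries"] >= min_queries and len(s["hosts"]) >= min_hosts
        and len(s["names"]) / s["queries"] >= min_unique)
```

On the sample, only the /24 from the thread is reported; the per-prefix counts from `summarize` show how widely the queried names are spread across parent zones.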
