pharming.. dns cache insertion...
bruce
bedouglas at earthlink.net
Sat Apr 9 17:32:27 UTC 2005
how does one/could one go about determining if an IP Address is actually
valid...
given that the whole initial assumption of the internet/dns is that a dns
server wnats to return honest information, i can start to see what happens
if this assumption breaks down. but if i could 'poll' a sampling of dns
servers for a given URL/Ip Address, shouldn't i be able to more or less
determine if the address that i'm generating for the URL is 'valid'. and
yeah, i'm willing to assume that a URL could have multiple 'valid' IP
addresses...
but if i poll 500-1000 DNS servers for a given IP Address, shouldn't i start
to see patterns that tell me what the valid IP addresses are for the URL, so
that an address that gets returned to me (or a false one that's hard coded)
could be identified as being false...
comments/thoughts...
thanks
bruce
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Barry Margolin
Sent: Saturday, April 09, 2005 7:42 AM
To: comp-protocols-dns-bind at isc.org
Subject: Re: pharming.. dns cache insertion...
In article <d37dso$2ev4$1 at sf1.isc.org>,
Brad Knowles <brad at stop.mail-abuse.org> wrote:
> At 2:02 PM -0700 2005-04-08, bruce wrote:
>
> > i got to thinking about this after your 1st email... my basic question
was,
> > is there a list/compilation of valid IP addresses, taking into account
that
> > the list is completely dynamic.. has anyone tried to compile such a
list?
> > how the hell would you even do it?
>
> With regards to individual IP addresses, that's not possible.
> Among other things, a given IP address range may be validly assigned
> to someone, but they may allocate IP addresses out of that range on a
> dynamic basis to their clients. Assuming their range is not
> completely full, there will always be some addresses which are not
> currently assigned -- but you never know which ones.
More information about the bind-users
mailing list