pharming.. dns cache insertion...

[bruce]

how does one/could one go about determining if an IP Address is actually
valid...

given that the whole initial assumption of the internet/dns is that a dns
server wnats to return honest information, i can start to see what happens
if this assumption breaks down. but if i could 'poll' a sampling of dns
servers for a given URL/Ip Address, shouldn't i be able to more or less
determine if the address that i'm generating for the URL is 'valid'. and
yeah, i'm willing to assume that a URL could have multiple 'valid' IP
addresses...

but if i poll 500-1000 DNS servers for a given IP Address, shouldn't i start
to see patterns that tell me what the valid IP addresses are for the URL, so
that an address that gets returned to me (or a false one that's hard coded)
could be identified as being false...

comments/thoughts...

thanks

bruce


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Barry Margolin
Sent: Saturday, April 09, 2005 7:42 AM
To: comp-protocols-dns-bind at isc.org
Subject: Re: pharming.. dns cache insertion...


In article <d37dso$2ev4$1 at sf1.isc.org>,
 Brad Knowles <brad at stop.mail-abuse.org> wrote:

> At 2:02 PM -0700 2005-04-08, bruce wrote:
>
> >  i got to thinking about this after your 1st email... my basic question
was,
> >  is there a list/compilation of valid IP addresses, taking into account
that
> >  the list is completely dynamic.. has anyone tried to compile such a
list?
> >  how the hell would you even do it?
>
> 	With regards to individual IP addresses, that's not possible.
> Among other things, a given IP address range may be validly assigned
> to someone, but they may allocate IP addresses out of that range on a
> dynamic basis to their clients.  Assuming their range is not
> completely full, there will always be some addresses which are not
> currently assigned -- but you never know which ones.