Twist and Shout! But no answer.

yet another geek

Twist and Shout! But no answer. 2008-03-29

Lately, tech media is reporting about trojans, that manipulate the victims DNS configuration and that way allow phishing attacks without URI manipulation. With things like that in mind, I guess you'd not love it, if your network equipment would send your possibly sensitive data to the wrong target. But that's exactly, what a friends DSL router does.
Today he asked me, if I could reach a certain host, because his pings weren't answered. My ping request was answered by the target and I c&p'ed the result, which showed the resolved target's IP a.b.c.d, for my friend. It turns out, the DNS server running on his router box sometimes resolves requests to a permutation of the true result in the form d.c.b.a.

I know, it's unlikely that this is exploitable in a convenient way, but at least I found it a really curious annoyance and something inducing an uncomfortable feeling while you're doing online banking with that router.
Posted by Carsten in Networking
« Finally! All South Park Episodes online, free and legal!    Reason for fever discovered »

Comments
Display comments as (Linear | Threaded)

No comments


Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA