Re: Two-faced Security Problem? Dammit Janus?
In reply to:
>After poking around for a week, I discovered that my home machine,
>newray.digex.net, is listed in Digex's nameservers TWICE! Once with the
>IP address that my home machine is waiting for (199.125.128.5) and once
>with some other IP address in the digex space (164.109.211.61). If you do
>an nslookup on the name, you get both addresses. I believe that the
>technically correct thing for someone to do is to choose one of the
>addresses at random to distribute the load between two machines pretending
>to be one. This explains the connection failures that happened half of the
>time.
>
>This has led me to wonder, though, whether this is some sort of security
>breach. For instance, could there be someone out there masquerading as me?
>Normally I run Eudora, Netscape, Telnet and other outward bound
>applications. It was almost a fluke that I noticed that there were two
>entries.
>
More likely this is a matter of someone assigning a host name to a system
without realizing it has already been taken. Yes, it can be a security breach, but
as you experienced, the connection is broken easily. If someone wanted to grab
your identity they would more likely busy your system (by flooding you with ping
requests or something similar) and then grab your IP address.

>Does some software need to find its IP address in a DNS table? For
>instance, does Eudora need to look up 164.109.211.61 to find
>"newray.digex.net"?
The lookup typically goes the other way around, from host--->IP address.
Depending on the cache hits, either address could be returned.
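The condition discussed in this thread (one name carrying two A records, and whether each address maps back to that name) can be checked mechanically. The following is an added example, not part of the original messages: it audits a constructed record set offline, using the name and addresses quoted above; both PTR records and the name other-host.example are assumptions made up for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records. The A records use the name and addresses quoted
# in the thread; both PTR records are assumptions made up for this example.
SAMPLE_ZONE = """
newray.digex.net.            IN A    199.125.128.5
newray.digex.net.            IN A    164.109.211.61
5.128.125.199.in-addr.arpa.  IN PTR  newray.digex.net.
61.211.109.164.in-addr.arpa. IN PTR  other-host.example.
"""

def parse_records(text):
    """Return (forward, reverse): name -> [addresses], address -> [names]."""
    forward, reverse = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # ';' starts a zone-file comment
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue
        owner, _, rtype, rdata = fields
        owner = owner.lower().rstrip(".")
        if rtype.upper() == "A":
            forward[owner].append(str(ipaddress.IPv4Address(rdata)))
        elif rtype.upper() == "PTR" and owner.endswith(".in-addr.arpa"):
            # Reverse names store the octets back to front.
            octets = owner[: -len(".in-addr.arpa")].split(".")
            addr = str(ipaddress.IPv4Address(".".join(reversed(octets))))
            reverse[addr].append(rdata.lower().rstrip("."))
    return forward, reverse

def audit(text):
    """Flag names with several A records and addresses whose PTR disagrees."""
    forward, reverse = parse_records(text)
    findings = []
    for name, addrs in sorted(forward.items()):
        if len(addrs) > 1:
            findings.append(("multiple-A", name, tuple(addrs)))
        for addr in addrs:
            ptr_names = reverse.get(addr, [])
            if name not in ptr_names:  # forward-confirmed reverse DNS fails
                findings.append(("ptr-mismatch", name, addr, tuple(ptr_names)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE):
        print(finding)
```

A name with several A records is not by itself a fault (it is how round-robin load distribution is published), so the PTR mismatch is the finding that separates an intentional pair from a name assigned twice by mistake.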