[124263] in North American Network Operators' Group
Re: DNS TXT field usage ?
daemon@ATHENA.MIT.EDU (Joe Provo)
Sun Mar 28 08:35:00 2010
Date: Sun, 28 Mar 2010 08:34:26 -0400
From: Joe Provo <nanog-post@rsuc.gweep.net>
To: jul <jul_bsd@yahoo.fr>
In-Reply-To: <4BAF45D7.5000102@yahoo.fr>
Cc: NANOG <nanog@nanog.org>
Reply-To: nanog-post@rsuc.gweep.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Mar 28, 2010 at 02:04:39PM +0200, jul wrote:
> Hello,
>
> While watching some parked domains, I recently observed one which has a
> TXT field containing some crypto value, something like a ssh key/RSA 512
> or 1024 output (only the crypto part 'cvxvcvcxvcxv=' ).
If the TXT data is a large wodge which changes, and/or there are
fluctuating interesting labels within the zone, then it isn't parked
but is being used for IP-over-DNS tunneling.
Cheers,
Joe
--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
