[77900] in North American Network Operators' Group
Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list
daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Feb 14 04:34:20 2005
Date: Mon, 14 Feb 2005 11:31:33 +0200
From: Gadi Evron <gadi@tehila.gov.il>
To: bmanning@vacation.karoshi.com
Cc: Ketil Froyn <kfroyn@gnr.com>, nanog@nanog.org
In-Reply-To: <20050211195813.GA29432@vacation.karoshi.com.>
Errors-To: owner-nanog-outgoing@merit.edu
> PTR records are just as pointless as A records...
> in a secured DNS hierarchy, this is less of an issue

We are not quite there yet, are we?

> since you have to spoof the entire delegation chain.
> so either trust the DNS (both forward and reverse)
> or not. For forensics, collect the DNS labels and the
> IP addresses associated w/ them.
>
> and yes, i have seen DNS spoofing in the wild, both A
> and PTR, although A spoofing is much more pronounced.

Question is, why bother and spoof?