
Feb 16, 2008

OpenDNS proxying

An old issue, but new to me: OpenDNS answers a query for www.google.com with a CNAME into its own navigation.opendns.com domain, so the traffic lands on OpenDNS's own addresses instead of Google's. Their supposed reason for doing this is ridiculous.

$ dig @resolver1.opendns.com www.google.com

; <<>> DiG 9.4.1-P1 <<>> @resolver1.opendns.com www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3375
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.67.216.230
google.navigation.opendns.com. 30 IN A 208.67.216.231

;; Query time: 336 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Feb 16 17:36:09 2008
;; MSG SIZE rcvd: 104

No official statement from OpenDNS on why they continue doing this. I wonder what other CNAMEs they are spoofing. The quick check is to compare against the authoritative answer (dig +trace www.google.com, or dig @ns1.google.com www.google.com): Google's own nameservers return no CNAME into opendns.com. I call shenanigans on OpenDNS. I've stopped using and recommending them.
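The check above, automated: this is an added example (not the author's code) that parses dig's ANSWER SECTION, follows the CNAME chain for the queried name and flags the first target that lives under a different registrable domain than the name you asked for. The sample input is the dig transcript from this post, embedded so it runs offline; the two-label "registrable domain" heuristic and the function names are assumptions made here.

```python
"""Spot resolver-side CNAME rewriting in `dig` output, as in the OpenDNS answer above.
Added example, not the author's code; the sample input is the dig transcript from
the post. The two-label registrable-domain heuristic is an assumption made here."""
import re

# The ANSWER SECTION quoted in the post, embedded so the check runs offline.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.67.216.230
google.navigation.opendns.com. 30 IN A 208.67.216.231

;; Query time: 336 msec
"""

# owner  ttl  IN  type  rdata   (dig's default one-record-per-line format)
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def canon(name):
    """Lower-case and fully qualify a DNS name so 'www.google.com' matches 'www.google.com.'."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def parse_answer_section(text):
    """Return [(owner, ttl, rtype, rdata)] for the records in dig's ANSWER SECTION."""
    records, in_answer = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
            continue
        if line.startswith(";;"):          # any other ';;' line starts a new section
            in_answer = False
            continue
        if in_answer and line:
            m = RR_RE.match(line)
            if m:
                owner, ttl, rtype, rdata = m.groups()
                records.append((canon(owner), int(ttl), rtype.upper(), rdata.lower()))
    return records

def registrable_domain(name):
    """Last two labels of a name (assumption: no public-suffix list, so 'co.uk'-style
    names are misjudged; good enough for google.com vs opendns.com)."""
    return ".".join(canon(name).rstrip(".").split(".")[-2:])

def follow_cname_chain(records, qname):
    """Walk CNAMEs from qname. Returns (final_name, [cname targets in order], [addresses])."""
    cnames, addrs = {}, {}
    for owner, _, rtype, rdata in records:
        if rtype == "CNAME":
            cnames[owner] = canon(rdata)
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    name, chain, seen = canon(qname), [], set()
    while name in cnames and name not in seen:   # 'seen' guards against CNAME loops
        seen.add(name)
        name = cnames[name]
        chain.append(name)
    return name, chain, addrs.get(name, [])

def detect_foreign_cname(text, qname):
    """Return the first CNAME target under a different registrable domain than qname,
    or None. A hit means whoever answered has pointed the name off-site; compare
    against the authoritative servers before calling it interception, since CDNs
    legitimately do the same thing."""
    _, chain, _ = follow_cname_chain(parse_answer_section(text), qname)
    home = registrable_domain(qname)
    for target in chain:
        if registrable_domain(target) != home:
            return target
    return None

if __name__ == "__main__":
    print("foreign CNAME:", detect_foreign_cname(DIG_OUTPUT, "www.google.com"))
```

A foreign CNAME by itself is only a signal: many sites legitimately CNAME www to a CDN under another domain. The meaningful comparison is the same parser run over the answer from the zone's authoritative servers (dig +trace); if the CNAME appears only in the resolver's answer, the resolver put it there.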

Jan 31, 2008

All bets are off

I often hear or read this:

if the user gets a shell all bets are off
I find this claim ridiculous because it would only apply to improperly secured systems. The old guard would say that admin errors, programs run as root, and suid binaries (these are becoming scarce) are the popular ways of getting root. If it were still the '90s I would agree.

On recent systems there exist security mechanisms that a competent administrator can implement to make it harder for attackers to exploit those binaries and programs: mounting user-writable filesystems nosuid, stripping the suid bit from binaries that don't need it, restricting execution of the rest to a trusted group, and mandatory access control such as SELinux or AppArmor to confine what does run as root. It should be a given that the administrator has properly secured the programs that run as root and the suid programs. Accidentally typing the root password into the shell, or having it find its way into the logs? C'mon now.

Anyway, I think trojaned software running as root can be hard to detect, but access control already in place can catch it. The worst privilege-escalation vector would be a kernel bug, and the administrator can even do something about that (keep the kernel patched and don't expose unneeded modules and interfaces to local users). Beyond a kernel bug, a system image backdoored with a good rootkit would be very hard to detect; usually the machine needs to be taken offline for investigation.
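What "properly secured suid programs" looks like as a check, added here as an example and not the author's code: it walks a tree for setuid/setgid files, reports the ones not on an administrator's allowlist together with the chmod that would either drop the bit or pull world-execute so only a trusted group can run it, and reads a /proc/mounts-style table for user-writable mount points that lack nosuid. The allowlist, the mount table and the throwaway tree built by demo() are constructed assumptions; on a live box you would call unexpected_setid("/") and feed mounts_missing_nosuid the real /proc/mounts.

```python
"""Audit setuid/setgid binaries and nosuid mounts: the kind of check behind
'a competent administrator has properly secured those suid programs'.
Added example for this post, not the author's code. The allowlist, the
sample mount table and the demo tree are assumptions constructed here."""
import os
import shutil
import stat
import tempfile

# Setuid binaries the administrator has reviewed and chosen to keep (assumed list).
ALLOWED_SETID = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su"}

# Constructed /proc/mounts sample: /home lacks nosuid while /tmp and /dev/shm have it.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
"""

def find_setid_files(root):
    """Return sorted (logical_path, mode) for regular files under root with setuid or setgid set.
    logical_path is the path relative to root prefixed with '/', so a chroot or test
    tree is compared against the same allowlist as the live system."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: don't follow symlinks a local user planted
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                logical = "/" + os.path.relpath(path, root).replace(os.sep, "/")
                found.append((logical, stat.S_IMODE(st.st_mode)))
    return sorted(found)

def unexpected_setid(root, allowed=ALLOWED_SETID):
    """Setid files not on the allowlist, each with the remediation an admin would apply:
    remove world-execute (keep the bit, restrict who can run it) or drop the bit outright."""
    report = []
    for logical, mode in find_setid_files(root):
        if logical in allowed:
            continue
        if mode & stat.S_IXOTH:
            fix = f"chmod o-x {logical}  # or: chmod u-s,g-s {logical}"
        else:
            fix = f"chmod u-s,g-s {logical}"
        report.append((logical, oct(mode), fix))
    return report

def mounts_missing_nosuid(mounts_text, user_writable=("/tmp", "/var/tmp", "/dev/shm", "/home")):
    """From /proc/mounts text, list user-writable mount points that lack nosuid.
    With nosuid the kernel ignores setuid bits on that filesystem, so a setuid
    file that lands there (unpacked as root, a race, a sloppy installer) is inert."""
    missing = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mountpoint, options = parts[1], parts[3].split(",")
        if mountpoint in user_writable and "nosuid" not in options:
            missing.append(mountpoint)
    return missing

def demo():
    """Build a throwaway tree with two allowlisted and two stray setid files, audit it, clean up.
    Returns (unexpected_setid report, mounts lacking nosuid in the sample table)."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "usr/bin"))
        os.makedirs(os.path.join(root, "opt/legacy"))
        for rel, mode in [("usr/bin/passwd", 0o4755), ("usr/bin/su", 0o4755),
                          ("opt/legacy/oldtool", 0o4755), ("usr/bin/grouptool", 0o2750),
                          ("usr/bin/harmless", 0o755)]:
            path = os.path.join(root, rel)
            with open(path, "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(path, mode)
        return unexpected_setid(root), mounts_missing_nosuid(SAMPLE_MOUNTS)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    findings, mounts = demo()
    for logical, mode, fix in findings:
        print(f"{logical} {mode}: {fix}")
    print("mounts without nosuid:", mounts)
```

The report is deliberately advisory: it prints the chmod rather than running it, because a suid binary that is on nobody's allowlist is still sometimes load-bearing (a mail or print subsystem), and the decision to strip the bit belongs with whoever owns that service. Run it from a known-good copy of the tree (or a read-only mount) if you suspect the host is already compromised, since a rootkit can lie to os.walk as easily as to ls.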