North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting))

  • From: Gadi Evron
  • Date: Mon Feb 14 04:36:09 2005


	PTR records are just as pointless as A records...
	in a secured DNS heirarchy, this is less of an issue
We are not quite there yet, are we?

	since you have to spoof the entire delegation chain.
	so either trust the DNS (both forward and reverse)
	or not.  For forensics, collect the DNS lables and the
	IP addresses associated w/ them.

	and yes, i have seen DNS spoofing in the wild, both A
	and PTR, although A spoofing is much more pronounced.
Question is, why bother and spoof?