Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting))
Gadi Evron
gadi at tehila.gov.il
Mon Feb 14 09:31:33 UTC 2005
> PTR records are just as pointless as A records...
> in a secured DNS heirarchy, this is less of an issue
We are not quite there yet, are we?
> since you have to spoof the entire delegation chain.
> so either trust the DNS (both forward and reverse)
> or not. For forensics, collect the DNS lables and the
> IP addresses associated w/ them.
>
> and yes, i have seen DNS spoofing in the wild, both A
> and PTR, although A spoofing is much more pronounced.
Question is, why bother and spoof?
More information about the NANOG
mailing list