"All of this has happened before, and it will all happen again"
I have been working with Mojolicious for a few weeks now. My main goal is to create a ReST API to send and receive DNS queries: a useful mechanism for my PhD thesis (a topic for a future post). In this post you are going to create a Mojolicious + Minion almost Rest API full […]
This is a very clear example of what is Fast-Flux Domains. at ANSWER SECTION 1) low TTL value (10 seconds) 2) different networks /16 3) different ASN for every IP address 4) CNAME for several IP address dig 1476529054.xiazaidown.com ; <<>> DiG 9.9.5-9+deb8u7-Debian <<>> 1476529054.xiazaidown.com … ;; ANSWER SECTION: 1476529054.xiazaidown.com. 600 IN CNAME xzz.dns-vip.net. xzz.dns-vip.net. […]
I have been working with DNS reputation for a while, and sometimes I need to confirm my questions/doubts/issues using third party applications including Project Honey Pot, Team-Cymru, and OpenBL project. Project Honey Pot has been a great source of information for many researchers, and it was time to contribute with a simple Perl extension to […]
I was looking for a simple method to send DNS requests to Team-Cymru.org services. Last year, I created another “Perl module” based on Net::DNS::Dig that had the same functionality. However, as pointed in my post, that Perl extension has a very poor Query ID generation algorithm, which could be susceptible to Kaminsky’s Bug. Net::DNS::Reputation::TeamCymru is […]
Checking for the IP reputation is not a new idea, however it is useful when one wants to know that an IP is safe for communication (email, vpn, etc…). Basically, all DNS Blacklists operate the same way. Given an IP address format (a.b.c.d), one should send the DNS request following this format d.c.b.a.dns.blacklist.tld. For instance, […]
Added option which allows user to specify distinct nameservers to run the name resolution. Net::DNS::Simple documentation is updated. use Net::DNS::Simple; my %config = ( nameservers => [‘192.168.86.7’, ‘192.168.86.8’], recurse => 0, debug => 0 ); my $res = Net::DNS::Simple->new(“kaiux.com”, “A”, %config); This feature is supported in Net::DNS::Resolver by default.
That is it! #!/usr/bin/perl use Net::DNS::Simple; my $res = Net::DNS::Simple->new(“www.google.com”, “MX”); $res->print_domain(); I have been working with DNS for while using Perl and Net::DNS module. However something always annoyed me when I needed to write a new Perl tool, I had to spend too much time writing all the things that Net::DNS needs. Given that […]
Geralmente as perguntas DNS são bem formadas, mas como tudo tem sua exceção, veja a seguinte consulta DNS 00:00:13.372296 IP CLIENTE_DNS.43525 > SERVIDOR_DNS.53: 14737% [1au] MX? DOMÍNIO.gov.br. (39) Vamos observar com mais detalhes esse pacote 00:00:13.372296 IP (tos 0x0, ttl 49, id 0, offset 0, flags [DF], proto: UDP (17), length: 67) CLIENTE_DNS.43525 > SERVIDOR_DNS.53: […]
O tcpdump é o verdadeiro canivete suíço de todo o administrador de sistemas e operadores de rede. A partir dos filtros de pacotes Berkley (Berkeley Packet Filter – BPF) podemos estender as funcionalidades do tcpdump. Cabeçalho UDP / UDP Header Por exemplo, o cabeçalho do UDP definido na RFC. Filtros UDP para cada campo do […]
Comentei em um post anterior sobre a utilização do registro de recurso do tipo PTR para reduzir a quantidade de mensagens não desejadas. No entanto, esta simples abordagem não é uma solução completa no combate contra SPAMs. Na minha humilde opinião o gmail é o melhor sistema e webmail que já utilizei. Desisti da minha […]