
Fri Jan 31 06:23:24 EST 2014


Date: Fri, 19 Oct 2001 13:20:52 +1000 (EST)
From: Robert Brockway <robert at timetraveller.org>
To: HUMBUG General List <general at humbug.org.au>
Subject: [H-GEN] Vulnerable???

Hi all.  I thought I'd browse the DNS setups for a couple of the
organisations in the forefront of the fight against terrorism.  The results
were interesting to say the least.

These days organisations are too dependent on their email/web pages to
risk losing them because of a badly configured DNS...

#1: The FBI

;; ANSWER SECTION:
fbi.gov.                8h49m28s IN MX  0 mx1.prserv.net.
fbi.gov.                8h49m28s IN MX  0 mx2.prserv.net.

;; AUTHORITY SECTION:
fbi.gov.                14h12m6s IN NS  ns4.us.prserv.net.
fbi.gov.                14h12m6s IN NS  ns3.us.prserv.net.

;; ADDITIONAL SECTION:
mx1.prserv.net.         10h36m6s IN A   32.97.166.40
mx2.prserv.net.         10h36m57s IN A  32.97.166.40
ns4.us.prserv.net.      2h24m30s IN A   165.87.201.244
ns3.us.prserv.net.      2h39m49s IN A   165.87.201.243

fbi.gov.                8h42m26s IN SOA  master.us.prserv.net. dns.us.ibm.com. (
                                        1003174698      ; serial
                                        6H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

Conclusions:

1.  Both authoritative DNS servers are on the same subnet.

2.  The "two" mail servers are actually the same machine.  Hmm...

3.  The expire is a little low.

#2: The CIA

;; ANSWER SECTION:
cia.gov.                11m28s IN MX    5 relay2.ucia.gov.

;; AUTHORITY SECTION:
cia.gov.                9h55m56s IN NS  RELAY1.ucia.gov.
cia.gov.                9h55m56s IN NS  AUTH100.NS.UU.NET.

;; ADDITIONAL SECTION:
RELAY1.ucia.gov.        6h46m20s IN A   198.81.129.193
AUTH100.NS.UU.NET.      4m57s IN A      198.6.1.202

;; ANSWER SECTION:
cia.gov.                15M IN SOA      ucia.gov. root.ucia.gov. (
                                        11372116        ; serial
                                        15M             ; refresh
                                        1H              ; retry
                                        1D              ; expiry
                                        15M )           ; minimum

Conclusion:

1.  No backup MX at all!

2.  SOA values are too low.  Do they want their domain to go away or what?

Rob

-- Robert Brockway B.Sc. email: robert at timetraveller.org  ICQ: 104781119
   Linux counter project ID #16440 (http://www.li.org)
   "The earth is but one country and mankind its citizens" -Baha'u'llah
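
The checks made by hand in the post above (name servers on one subnet, MX names sharing one address, a lone MX, a low SOA expire) can be automated over dig-style output. This is an added example, not part of the original post; the /24 grouping, the 2-week expire floor taken from RFC 1912, and the finding labels are assumptions made here.

```python
import ipaddress
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MIN_EXPIRE = 14 * 86400  # assumption: RFC 1912 suggests 2-4 weeks for SOA expire
# Records transcribed from the fbi.gov output in the post; only the SOA expiry line is kept.
FBI = """\
fbi.gov.            8h49m28s  IN MX  0 mx1.prserv.net.
fbi.gov.            8h49m28s  IN MX  0 mx2.prserv.net.
fbi.gov.            14h12m6s  IN NS  ns4.us.prserv.net.
fbi.gov.            14h12m6s  IN NS  ns3.us.prserv.net.
mx1.prserv.net.     10h36m6s  IN A   32.97.166.40
mx2.prserv.net.     10h36m57s IN A   32.97.166.40
ns4.us.prserv.net.  2h24m30s  IN A   165.87.201.244
ns3.us.prserv.net.  2h39m49s  IN A   165.87.201.243
                    1W               ; expiry
"""

def seconds(text):  # BIND-style duration ('8h49m28s', '1W', '900') to seconds
    return sum(int(n) * UNITS[u.lower()] for n, u in re.findall(r"(\d+)([smhdw]?)", text, re.I))

def parse(dig_text):
    """Return ({type: [(owner, rdata)]}, soa_expire_seconds) from dig-style text."""
    records, expire = {"A": [], "NS": [], "MX": []}, None
    for line in dig_text.splitlines():
        body, _, comment = line.partition(";")
        fields = body.split()
        if fields and comment.strip().lower().startswith("expir"):
            expire = seconds(fields[0])
        elif len(fields) >= 5 and fields[2] == "IN" and fields[3] in records:
            records[fields[3]].append((fields[0].lower(), fields[-1].lower()))
    return records, expire

def audit(dig_text, prefix=24):  # a shared /24 as "same subnet" is an assumption
    records, expire = parse(dig_text)
    addr = dict(records["A"])
    ns = [addr[h] for _, h in records["NS"] if h in addr]
    mx = [addr[h] for _, h in records["MX"] if h in addr]
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ns}
    findings = []
    if len(ns) > 1 and len(nets) == 1:
        findings.append("ns-same-subnet")   # one network fault loses all DNS
    if len(records["MX"]) == 1:
        findings.append("single-mx")        # no backup mail exchanger
    elif len(mx) > 1 and len(set(mx)) == 1:
        findings.append("mx-same-host")     # several MX names, one machine
    if expire is not None and expire < MIN_EXPIRE:
        findings.append("soa-expire-low")
    return findings
```

`audit(FBI)` reports the same three issues the post lists for that zone; pasting the cia.gov records in the same form yields the single-MX and low-expire findings.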



