* Posts by TRT

9611 publicly visible posts • joined 11 Sep 2009

El Reg needs you – to help build an automated beer-transporting robot

TRT Silver badge

Maybe...

at a stretch.

TRT Silver badge

I'd take a lead from Robot Wars...

Sir Spill-a-lot?

TRT Silver badge

Presumably it isn't bottled or canned...

That'll be the first time in history, then, that we hear uttered the phrase "Open the door! There's a draught coming in."

Sorry spooks: Princeton boffins reckon they can hide DNS queries

TRT Silver badge

Re: So, what would be the point of hiding the DNS query?

That would take some organisation, and legislation. Have they really gone to that trouble?

TRT Silver badge

Re: So, what would be the point of hiding the DNS query?

That's for someone that is a target, i.e. known to the authorities, on a watch list.

DNS scrying is far more... well, circumspect.

TRT Silver badge

So, what would be the point of hiding the DNS query?

If you have spooks either (A) watching a DNS for trigger events or (B) going through DNS logs, then this method either (A) doesn't trigger the alert flag at the ISP's DNS or doesn't reveal the exact origination of the request at the .odns end and (B) means they have to obtain two sets of logs, potentially in two different jurisdictions, in order to decode the footprint.

All bets are off if they are watching an individual user; this methodology simply makes casting-a-net-and-see-what-we-get less worthwhile of an activity.

TRT Silver badge

Re: Pants

Thinking about it... if you DO use a revolving DNS, then this actually makes it EASIER to gather up the pieces, because the requests will all find their way to .odns's resolver in the end, within a narrow time window.

TRT Silver badge

The diagram isn't clear. The .odns stub isn't attached to the ISP's DNS but to the client.

The "attack surface" is roughly speaking "The ISP's DNS logs every packet in its entirety and that log is readable by a hostile agent. This enables a client's entire internet activity to be mapped out where DNS lookups are being made."

The mitigation is to encrypt the request which the ISP is logging, but to do so in a way that a bog-standard DNS service can handle the query.

Application asks the transport layer for a website, say, l33th4xerr.org

The transport layer is charged with sorting this out, and presumably the .odns stub will sit here.

The .odns Top Level Domain is added by the stub inside the client or in the client's own Firewall/NAT/DNS relay, and this encrypts the requested address, so you get a lookup request for something like:

x.x.x.x wants the IP for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns

The ISP's DNS throws its hands up in the air and says "I'll have to refer this to .odns as the source of authority".

The x.x.x.x is now replaced by the DNS relay...

r.r.r.r wants the IP for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns query reference number 12345

.odns, as a source of authority, strips out the session key which it will use to encrypt the response, decodes the real request, looks it up, gets the response and encrypts that before sending it back to the ISP's DNS, which is the only IP address that it has - the originating requestor's IP address isn't included in the query string.

So the response now reads:

To r.r.r.r from .odns. In response to query reference 12345

The IP addresses for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns are 4c34c3442r2cc5gdfgr4344tf33, dfarf7fpqn8tt9[]5t5]tbq5[t and fifty98[b3[[];'\g-0]-k

Now, the ISP's DNS isn't going to understand what the response is. The reason that the response is encrypted is so that the reply doesn't reveal the IP address of the query because the ISP's DNS is going to change the response to:

To x.x.x.x from r.r.r.r.

The IP addresses for 30831r]83Rouy[498tby[8nyr84[B'CRB.odns are 4c34c3442r2cc5gdfgr4344tf33, dfarf7fpqn8tt9[]5t5]tbq5[t and fifty98[b3[[];'\g-0]-k

And that will be logged.

The .odns stub then takes the encrypted part of the response and uses the private key to the session key that it sent to change the reply to:

To originating computer, the IP address for l33th4xerr.org is 12.43.128.12

or if the stub is sitting in the transport layer of the client, it will pass that on to the resolver and add it to the local address resolution list.

If you pwn the .odns, you only see an ISP's DNS asking for dodgy URLs; if you pwn the ISP's DNS, then you see a lot of nonsense requests for a particular IP address on that network - a household with a NAT Firewall or something. If you pwn both then you can get the complete picture.

The problem I have with this is that the encrypted reply might need to be understood by the ISP's DNS. Surely it will be trying to parse the response in order to cache it or something. And the character set of both request and response must fit within the footprint of what a domain name can be, although with multibyte domain naming allowed now, I guess that restriction is cited slightly.
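Added example, not part of the original post and not the ODNS authors' code: a sketch of the exchange described in the comment above, showing what the ISP's resolver and the .odns resolver would each be able to log, and how the hidden name can be kept inside the legal domain-name character set and length limits. The names stub_wrap, resolver_unwrap, trace and RESOLVER_SECRET are hypothetical, the XOR keystream is a toy stand-in for the real encryption and key pair, and the IP addresses are constructed documentation addresses.

```python
import base64
import hashlib
import os

# Assumption: a shared secret stands in for the .odns resolver's key pair.
RESOLVER_SECRET = b"constructed-demo-key"

def _xor(key, data):
    # Toy keystream (SHA-256 over a counter). Stand-in for real encryption; not secure.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def stub_wrap(name, session_key):
    """Client stub: hide the name and a 16-byte session key in a legal .odns name."""
    blob = _xor(RESOLVER_SECRET, session_key) + _xor(session_key, name.encode())
    # Base32 uses only a-z and 2-7, so the result is a valid hostname label.
    text = base64.b32encode(blob).decode().rstrip("=").lower()
    labels = [text[i:i + 63] for i in range(0, len(text), 63)]  # 63-byte label limit
    qname = ".".join(labels + ["odns"])
    if len(qname) > 253:  # overall domain-name length limit
        raise ValueError("wrapped name does not fit in a DNS name")
    return qname

def resolver_unwrap(qname):
    """.odns resolver: recover the session key and the real name."""
    text = "".join(qname.split(".")[:-1]).upper()
    blob = base64.b32decode(text + "=" * (-len(text) % 8))
    session_key = _xor(RESOLVER_SECRET, blob[:16])
    return session_key, _xor(session_key, blob[16:]).decode()

def trace(client_ip, relay_ip, name):
    """Return (what the ISP resolver can log, what the .odns resolver can log)."""
    qname = stub_wrap(name, os.urandom(16))
    isp_log = (client_ip, qname)       # who asked, but not for what
    _, real_name = resolver_unwrap(qname)
    odns_log = (relay_ip, real_name)   # what was asked, but only the relay's address
    return isp_log, odns_log

if __name__ == "__main__":
    isp, odns = trace("192.0.2.10", "198.51.100.53", "l33th4xerr.org")
    print("ISP log  :", isp)
    print(".odns log:", odns)
```

Correlating the two log tuples requires both sets of records, which is the "pwn both" case in the comment.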

TRT Silver badge

Re: Pants

Crafty but obvious. It simply recurses to the odns server which has the other half of the key-pair, which then proxies the lookup. I suppose if one is trying to build a map of what a particular computer is doing, then this would help prevent that, but then so would using a revolving DNS package with a very disparate list of lookups. You'd have to scour dozens of resolvers to gather the map. This method concentrates all of the DNS requests to a single resolver. Unless one combined those methods of course; that would be like putting a jigsaw through a shredder that dumps its load in front of a leaf blower powered playground roundabout.

TRT Silver badge

Could be a software stub in the client computer or in a gateway. The diagram doesn't make it clear.

TRT Silver badge

Pants

Proxy DNS. Someone's getting a PhD out of this? Nothing to see here, move along.

UK 'wife'-carrying champion named

TRT Silver badge

Re: Optional

Depends if you carry your wallet in your back pocket or elsewhere.

Lib Dems, UKIP's websites go TITSUP* on UK local election launch day

TRT Silver badge

They'll blame the Russians you know.

...they always do.

TRT Silver badge

This web campaign brought to you...

by The National Spam Party.

My PC makes ‘negative energy waves’, said user, then demanded fix

TRT Silver badge

Re: A solution

My ex-missus insisted we had a copper wire pyramid located on top of the monitor and on the top of the PC case.

TRT Silver badge

Re: qotw

I used to work for a well-known American electronics high street retailer, now defunct in the UK, that started life making leather goods. You know the one?

Anyway, we had a regular who used to come in to buy the anti-static spray for record players (snake oil stuff - an atomiser filled with distilled water made up with about 5% IPA). He started asking for stronger stuff because "the US government had turned up the power when they realised they couldn't read him". Turns out he used the spray like a cologne. His baseball cap was lined with tin foil too, I noticed.

Birds can feel Earth's magnetic fields? Yeah, that might fly. Bioboffins find vital sense proteins

TRT Silver badge

Re: How would it feel?

I don't know the details of that. When I took part I was 14 and on a school trip. They checked the bus orientation with a magnetic compass, I recall, so it couldn't have been a total wipeout. The top bit of the bus was probably mostly made of oak or ash and melamine in those days anyway!

TRT Silver badge

Re: The Natural Navigator

You see? I just pictured that and got it completely arse about tit.

TRT Silver badge

Re: winging it

They use navigation beakons.

TRT Silver badge

Re: The Natural Navigator

I get totally bolloxed around South Kensington. In any other place in London, I know which way the river is and thence which way is North.

TRT Silver badge

Re: How would it feel?

Manchester university have been running a human magneto-orientation study for years. It involved minibussing blindfolded volunteers around Manchester, making use of several roundabouts to disguise direction, then a 20-30 minute drive around. Volunteers wore a headband containing either a magnet or a piece of brass, then had to guess and mark on a clipboard oriented towards the front of the coach which way was north and which way was the university.

I'm not sure what the results are looking like.

*Thunk* No worries, the UPS should spin up. Oh cool, it's in bypass mode

TRT Silver badge

Re: Sometimes, there are ways round it.

I can think of a certain basement area next to the Thames that's been flooded in the last 20 years. But that was down to a large water main running parallel to the river cracking open and the water finding its way through the ancient, long since covered and built upon, tributaries of the Old Father.

I don't know if it houses a DC or not; I suspect it does.

TRT Silver badge

Re: Is it Friday already?

Disaster can strike at any time. It just always seems like it's Friday when shit happens, just to take the shine off your weekend.

I say, I say, I say: What's the difference between a king penguin and liquid?

TRT Silver badge
Pint

Fluid dynamics?

I'll drink to that!

TRT Silver badge

I say, I say, I say: What's the difference between a king penguin and liquid?

One's system of measurement is monarchic, the other imperial.

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

TRT Silver badge

Windows-execute-order-66?

Spring is all about new beginnings, but it could already be lights out for Windows' Fluent Design

TRT Silver badge

"Reveal" UI elements?

You mean they hide the functionality? A bit like the hidden buttons in Office Online?

Have fun exploring and discovering new activities!

More and more like a Fisher-Price Activity Centre every day.

Elon Musk's mighty erection fires sperm at orbiting space station

TRT Silver badge

Re: First time human sperm was sent to space?

Those are the kinds of astronauts we need... they've got spunk.

TRT Silver badge

Elastic sheets, secured round the edge. Provides some thrust for re-entry.

One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools

TRT Silver badge

I must buy a lot of spiced pork and ham then.

Apple, if you want to win in education, look at what sucks about iPads

TRT Silver badge

Re: At TRT...

Hey, I laid the same shit, bro. That AND 10Base-5. Even less bendy, and required vampire taps about the size of a single volume of the Encyclopaedia Britannica. That was for a cluster of Vax/VMS machines. For DECNET I believe they called it. That, too, was so long ago it has been swept into a dusty corner of my mind.

TRT Silver badge

Re: into the range where the instructor simply ignored

Ah! A wetware attack. Go for the weakest point.

TRT Silver badge

Face ID might just be worthwhile then. Using camera and integrating calendar and some kind of dropbox programme built into a school management tool (anyone remember PowerSchool?) along with on-prem cloud storage that doesn't rely on a good external 'net link.

"Hello Bethany! Your timetable says that you are supposed to be in Art class now. I see you haven't finished your art drawing yet and submitted it to Miss Jerrard. Is that what we will be doing now?"

TRT Silver badge

Walled Kindergarten

"My kids are used to Ticonderoga pencils and Croxley Heritage Wove. How will they cope in a school that uses Cumberland and Conqueror Laid?"

Worried no parent, ever.

TRT Silver badge

Re: At Snorlax...

10-base-T IS twisted pair ethernet. It would have to have been installed in a fairly narrow-ish time frame to be Cat 3 UTP in order to require upgrade to Cat 5. Do you mean 10-base-2 aka Thin Ethernet, perhaps?

User fired IT support company for a 'typo' that was actually a real word

TRT Silver badge

Re: Validation Vs verification

People are fascinated by the BS Proofreader's Marks chart I have on my office wall. I rescued it from my last job in a print training place - found a load in an old store room. I don't think many people in scientific publishing now realise it was a job people had and how regulated it was, with a language all of its own.

TRT Silver badge

Re: Validation Vs verification

I've often thought that date sanity checking would be a valuable addition to spelling and grammar checking tools. The number of times I've had documents and emails coming through with days and dates not matching... e.g.

Your vehicle's annual service falls due on Wednesday 29th March 2018. To maintain your warranty... Yes, you've simply incremented the year by one on last year's letter, you muppet. Do you mean Thursday 29th March, or Wednesday 28th March? Don't make me guess! Or...

See you next Monday (the 3rd), then. So, do you mean April the 2nd (next Monday), April the 3rd (it's a Tuesday), or do I wait until September, which is the next time that Monday falls on the 3rd?

A simple sanity check for dates would save so much grief!

UK watchdog finally gets search warrant for Cambridge Analytica's totally not empty offices

TRT Silver badge

Re: ... would *not* rely on a paper shredder alone

Building's combined heat, power, energy, ventilation and security system should take care of that.

Brit cloud slinger iomart goes TITSUP, knackers Virgin Trains, Parentpay

TRT Silver badge

Re: Cloud?

Every silver lining has one.

TRT Silver badge

They had to be sacrificed to the gods of the network in order to ensure the return of bountiful bandwidth.

TRT Silver badge

As is hostingUK.

Why you shouldn't trust a stranger's VPN: Plenty leak your IP addresses

TRT Silver badge

Re: More crap to block because people design protocols without thought!

You could always use 10.0.0.0 and appear as if you are a massive organisation.

Uber self-driving car death riddle: Was LIDAR blind spot to blame?

TRT Silver badge

Re: Jaywalking

@Alan Brown.

It wasn't a point of view, it was a fact of law. You can check it out in The Zebra, Pelican and Puffin Pedestrian Crossings Regulations and General Directions 1997 if you want. Or look in the Road Traffic Act 1991.

If you want to cross the road and you use a couple of parked cars as a shield, then you're stood in the road, but you still have to wait until the road is clear if you want to cross safely. Drivers do NOT have to stop to let you cross in that situation.

Precedence and priority are the terms used in the applicable law, not "right of way". I wasn't condoning knocking people over, just correcting a misunderstanding. Pedestrians do not have automatic priority just because they step into the road. If anything people who think that is the case, as pedestrians, are a danger to themselves and other road users.

TRT Silver badge

The trouble with bandwagons...

I'm thinking of creating a service, via an app, where one can quickly and simply call on a less regulated, sort of community based, bandwagon. It will be cheaper and easier than existing bandwagon boarding, providing a challenge to the established norms. And you won't be obliged to pay for hidden extras like pitchforks and burning torches either unless that's a service that you particularly want, where other micro-operators will step into the market gap as a complementary service provider.

TRT Silver badge

Re: Jaywalking

It always confused me too. You watch Columbo or Starsky and Hutch or NCIS or anything like that, and the police protagonist is forever nipping across the road to have a word with the officers or agents sat in a sedan on surveillance opposite an apartment block. Surely that's jaywalking! Or does it only apply to some designation of road above a certain threshold like the UK's A road, B road and unclassified?

TRT Silver badge

Re: Bugs.

You mean the difference between compound and simple eyes? It's a fascinating subject.

TRT Silver badge

Should of seen that coming

Like the pedestrian then?

TRT Silver badge

Re: Jaywalking

To the phantom thumb downers... a "right of way" is a legal term meaning [from Black's] "The right of passage or of way is a servitude imposed by law or by convention, and by virtue of which one has a right to pass on foot, or horseback, or in a vehicle, to drive beasts of burden or carts, through the estate of another." and "'Right of way', in its strict meaning, is the right of passage over another’s ground; and in its legal and generally accepted meaning, in reference to a railway, it is a mere easement in the lands of others, obtained by lawful condemnation to public use or by purchase."

That is to say that for a public road, vehicles and pedestrians both have rights of way.

The term you are thinking of is "priority", which applies only at junctions. If pedestrians simply had priority by virtue of putting their foot on the road, then we wouldn't need zebra crossings, would we?

TRT Silver badge

Re: Intimidation ...!!

Rushing roulette?