On Wed, Aug 18, 2004 at 05:09:53PM +0200, Florian Weimer wrote:
> * Roy Arends:
>
> > Err, most of the attacks I know involves a target. If the target is the
> > .de domain, the attack would benefit from the knowledge of zones under the
> > .de domain.

>
> How so? I need a list of the name servers for .DE, and detailed
> routing information is also desirable (including the router
> vendors/software versions that are involved).


Some real-world router/switch names:

500.Serial3-7.GW6.LAX9.ALTER.NET
POS7-0.BR2.LAX9.ALTER.NET
so-6-0-0.mpr4.sjc2.us.above.net
bb1-hou-P1-0.atdn.net
pop1-atl-P4-0.atdn.net
so-10-0.hsa1.Raleigh1.Level3.net
so-0-3-0.bbr1.LosAngeles1.Level3.net
eth2.dist1-1.sr.sonic.net
sl-gw19-rly-9-0.sprintlink.net
sl-bb27-rly-12-0.sprintlink.net
tbr1-cl2.dlstx.ip.att.net

Note that there is real information encoded in those names.

The ability to completely list of all the domain names under, for
example, Level3.net, would give a tremendous amount of information
about the structure of their network. One could gather the same
information using thousands of traceroutes, or perhaps by a very
carefully crafted dictionary attack, but the amount of work involved
would be orders of magnitude greater.

Regards
Kent
--
Kent Crispin
kent@icann.org p: +1 310 823 9358 f: +1 310 823 8649
kent@songbird.com SIP: 81202@fwd.pulver.com


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: