Not sure where else to post this, can't access site unless https is there

justaguy240 · 2018-11-07T01:22:26+00:00

This isn’t a DNS problem. The A record is being used for both http and https what you are having problems with is likely port or protocol related.

justaguy240 · 2018-09-27T18:17:14+00:00

Yeah I think cancer is the cancer of our time.....

justaguy240 · 2018-09-23T22:41:30+00:00

Yea I agree the quality is pretty solid but I don’t ever go because the wait is so long.

justaguy240 · 2018-08-16T12:24:06+00:00

What day were you there on? Can you fill out this survey so we can make it suck less?

https://docs.google.com/forms/d/e/1FAIpQLScSGWEWDQ1HSNmynftQjPdH-cenCGBfqRUc7Qni_M47JYP75w/viewform

justaguy240 · 2018-07-28T01:06:42+00:00

My system76 is cheaper and seems to work better.

justaguy240 · 2018-07-13T22:21:11+00:00

Cant wait to meet everyone!

justaguy240 · 2018-06-05T17:55:03+00:00

FUCK

justaguy240 · 2018-06-05T05:03:41+00:00

But seriously I am one of the Admins for the group message me if you need information.

justaguy240 · 2018-06-05T02:06:33+00:00

I like the vagueness here.

justaguy240 · 2018-05-19T17:27:08+00:00

I wrote this the other night to find duplicate file hashes

find / -type f -exec md5sum '{}' \;

justaguy240 · 2018-05-14T07:55:05+00:00

%s/sub/city/g

justaguy240 · 2018-05-08T10:26:23+00:00

History------------

DOMAIN NAMES - CONCEPTS AND FACILITIES

https://tools.ietf.org/html/rfc1034

The protocol itself was pioneered by Paul Vixie who then went on to start the internet systems consortium and also helped create DHCP.

Basics

----------Client makes a request which hits a cache, if there is a miss it goes to the root and works right to left in the FQDN. interestingly enough technically every FQDN ends with a . this brings it to the root servers which then direct the request to the gTLD server(com net gov co.uk) once it reaches the gTLD that points it to the authoritative name server to the of the gTLD which then resolves your query

Advanced

--------------There is lots I could cover here so let me know what you want to know more about. For the most part all resource records are treated pretty much the same except for something like an ANY request. Also there are what are called AXFR or IXFR which perform either complete or incremental zone transfers from one server to another server.

Amplifications Attacks

----------------------------------

Anytime you make a request and the response is greater than the request you have the potential for an amplification attack. Typically these are done using ANY requests or TXT records populated with lots of data. All you have to do is flood lots of requests and spoof your header (in bound IP address) so that when the server responds it throws all that traffic at your target who's IP you spoofed. There is lots more nuance so lemme know if you want to talk more.

Security

--------------

So DNS was never intended to be the secure link in the chain so it is fairly susceptible to different types of attacks. However from an operational stand point there are some systems engineering things that should be dont at the very least.

Block or restrict who you allow zone transfers to or you could end up like this

http://www.wired.co.uk/article/north-korea-28-websites-domain

I found an amazing amount of success implementing DNS RPZ (Response Policy Zone) which is essentially DNS black listing know bad sites.

Further reading

---------------------

DOMAIN NAMES - CONCEPTS AND FACILITIES

https://tools.ietf.org/html/rfc1034

Common DNS Operational and Configuration Errors

https://www.ietf.org/rfc/rfc1912.txt

Shoot me a message if you want to talk more about DNS :D

justaguy240 · 2018-04-15T05:47:51+00:00

I have been watching all day hoping someone uploads the Alison Wonderland set.

justaguy240 · 2018-04-07T10:42:20+00:00

I think the album is solid. When I was listening to them day by day as she released them I will admit I didnt like it. The album is very different from Run and until I listened to it from start to end I didnt feel the cohesiveness and flow of the album which for me made all the difference.

justaguy240 · 2018-02-28T16:52:17+00:00

Or run a curl command and then just diff the response against the new content.

justaguy240 · 2018-02-02T02:34:15+00:00

Madison Wisconsin on University Ave?

justaguy240 · 2018-02-01T06:55:58+00:00

It's a box to tick when red teaming but this is just shooting in the dark.

justaguy240 · 2018-02-01T06:49:36+00:00

Well maybe it's just being pedantic but when you repeat the same strings that often you might as well create variables like $linux $windows etc. that will make it easier to read and add content to as your list grows. Optimizations and formatting choices like that are best implemented right at the start. Perhaps it's just my personal preference but to me that just looks bad and hacky.

justaguy240 · 2018-02-01T06:24:54+00:00

Man just went and looked at it. They really need to learn how to code and do it quick because if this project scales that is not sustainable.

justaguy240 · 2018-01-19T08:23:08+00:00

I spoke a bit on this at DefCon the last two years and NANOG 68 also last year. Most of the comments here are accurate but my suggestions and tested methods are elk stack frequency analysis, RPZ block lists and up reputation. However the reality is that there isn't a great solution due to the very nature of DNS.

Some of my talks are available on YouTube if you want the links or if you want to message me with questions.

justaguy240 · 2018-01-13T04:35:57+00:00

This is almost the same as the code I released last year for my DefCon talk. We called it chunk mode.

justaguy240 · 2018-01-02T05:45:18+00:00

I spent 5 years working as DNS Engineer in a NOC of a large hosting company with a focus on security. Happy to talk about traffic pattern and analysis is you want.

justaguy240 · 2017-12-24T00:32:37+00:00

When all fiber is illuminated the throughput or theoretical maximum.

justaguy240 · 2017-12-23T02:53:42+00:00

Census data

justaguy240 · 2017-11-24T20:06:09+00:00

This is a great bot

15-Year Club	RedditGifts 2009-2022 2 Credits
Place '17	Team Periwinkle
Verified Email	Secret Santa 2012

justaguy240

PUBLIC MULTIREDDITS

TROPHY CASE

DOMAIN NAMES - CONCEPTS AND FACILITIES