Thread: OT Yahoo breach
Posted to alt.home.repair
#76 Diesel

AL, on Wed, 28 Sep 2016 04:47:12 GMT in alt.home.repair, wrote:

On 9/27/2016 6:50 PM, Diesel wrote:

DNS server doesn't get your email, doesn't forward your email to
anyplace. Doesn't even know you plan to send an email and could
care less.


A DNS server can be hacked.


Yes, that's entirely possible. You could 'reconfigure' the DNS server
to fork an entirely different IP address than the one of the real
destination server and set up a honeypot to capture incoming emails;
you'd have to be sure you told your email server not to deny any
incoming emails because the mailbox doesn't actually exist, though.
Easily done using, for example, MailEnable. If that's something you
want to do.

None of that has anything to do with what I was originally writing
about though. The DNS server itself still isn't getting a copy of
your email. As that's not what it's for.

As your computer really doesn't know what to do with a domain name
(not to be confused with a local area network domain controller;
entirely different beastie); that's for your comfort, it just wants
an IP address. Domain names are far easier to remember than a pile of
IP addresses.

Depends on the route.


Email isn't set up like Usenet or IRC, for that matter. Please, do
yourself a favor, re-read your own URL and the ones I took the time
to provide you in my previous reply. It's a much more 'direct' path.

Yes, you could 'hack' a DNS server and redirect queries for specific
domain names to an IP of your choosing, but, that isn't what we're
discussing. You're under the misconception that your email travels
through many servers before reaching the intended one. And, that's
not the case.

If you didn't specify a domain, but an IP address instead, it'll
attempt to contact the IP you provided instead. Even if the DNS
server you're using is compromised, providing an IP instead of a
domain name negates it, as it's not going to be queried.

hacking can occur en route.


Only if we're using domains and trusting DNS servers that could be
compromised. If we're using hard coded WAN side IP addresses, then,
not so much, no. That would require ISP or better level 'hacking' of
sorts. Most likely, an inside job. OR! Duping you into doing
something stupid and compromising your own machine by configuring it
to use a specific DNS server so you can control the IP address it
returns when queried. Note, I said, a specific DNS server. And it
would still have to be queried to provide the rogue IP address. If
you don't use the domain name, the compromised DNS server plays no
part.

SMPT can be hacked.


It's SMTP, but, I digress.

Maybe if we were hooked by a direct wire. Otherwise depending on
the route there's likely many routers/SERVERS in between.


A router isn't a 'server', although it may have a server package of
sorts on board for local/remote administration, etc. They have a tiny
web server for this purpose, built in. It could also have a telnet
server, if you prefer configuration via console. Some have both.

You seem to be grasping at straws here. A rogue router could do
malicious things, certainly. You're being overly paranoid at this
stage, though. And, still showing that you really don't understand
how an email you send gets to its destination. What's worse, you've
demonstrated that you don't understand most/any? of the material
being discussed at the URLs you provided originally or in your
follow-up post...

At the same time though, you are making a very good example of why I
think the general public isn't qualified on their own merits to
determine my fate in a trial involving hacking. YOU don't understand
WTF you're writing about.

Doesn't have to be. See DNS hack above.


Apples and oranges to be blunt.

I know a considerable amount about this; rogue software, deception,
etc. Malwarebytes paid me well for my knowledge and expertise on the
subject.

Even if you did compromise a top level DNS server for a while, you
haven't gained control of all of them. What's worse, if the DNS
server I use already has an IP address for a domain I want to
contact, it's not going to ask the top level DNS server you hacked
anything. It'll only ask DNS servers higher up the food chain until
it reaches one that's familiar with the domain I'm asking about and
gets an IP from it and again, lemme stress, this only happens if it
doesn't already have a record of that domain.

From the second URL I shared with you, previously, that you didn't
read...much?

Address resolution mechanism

Domain name resolvers determine the domain name servers responsible
for the domain name in question by a sequence of queries starting
with the right-most (top-level) domain label.
A DNS recursor consults three name servers to resolve the address
www.wikipedia.org.

For proper operation of its domain name resolver, a network host is
configured with an initial cache (hints) of the known addresses of
the root name servers. The hints are updated periodically by an
administrator by retrieving a dataset from a reliable source.

Assuming the resolver has no cached records to accelerate the
process, the resolution process starts with a query to one of the
root servers. In typical operation, the root servers do not answer
directly, but respond with a referral to more authoritative servers,
e.g., a query for "www.wikipedia.org" is referred to the org servers.
The resolver now queries the servers referred to, and iteratively
repeats this process until it receives an authoritative answer. The
diagram illustrates this process for the host www.wikipedia.org.

This mechanism would place a large traffic burden on the root
servers, if every resolution on the Internet would require starting
at the root. In practice caching is used in DNS servers to off-load
the root servers, and as a result, root name servers actually are
involved in only a fraction of all requests.

And people would notice something is seriously wrong. Lots of people.
As they did with the Lizard Squad hack you mentioned. It didn't take
them long to figure out some bull**** was going on with a DNS server
and a bogus web site. Didn't take a rocket scientist to isolate the
compromised DNS server, either. It was obvious.

And available to ISP personnel for their hacking enjoyment?


Your ISP can technically see everything your box is doing that isn't
encrypted, yes. That's always been the case as they are your link to
the internet, and they have an upstream beyond them as well that can
also see what your machine has been doing, as well as everyone else's
machines that use that particular ISP.

If you're using encryption, they can only see that you reached out to
so and so server at such and such IP, but, they cannot view the
contents of what you exchanged with that particular server.

What you're alluding to is a form of a man in the middle attack. I
don't disagree with that. I disagree with the idea that you think
your email is traveling all sorts of different places before it
reaches its 'final destination' as that isn't so.

It's not difficult for the administrator of the email server you
use/correspond with to spy on you, if they want. I can pull up the
contents of ANY of the users' mailboxes on mine, with ease. I don't as
a rule, but I can.

It's more like the BBS days, actually. It's the SysOp's equipment and
he/she has access to your message posts, and 'private' emails sent to
other users on the board. It's why my boards would inform people that
nothing they do on my system should be considered private as I do
have full access to any/all information exchanges. If you're using
encryption, obviously I can't 'read' what you wrote (assuming you
used something 'real' vs some crackpot home-brew garbage that I can
crack), but I know you wrote something and I know who you wrote it
to.

Your ISP is no different in that respect. Nor is the owner of the
email server you use or the owner of the email server you sent the
email to. It's best to assume that unless your comms are encrypted
with a solid cypher, either end administration can read them at will.

I'm not the paranoid one. And the chances of any of the above
happening to me or the paranoid one are nil IMO. But I don't think
I can convince him.


The chances are extremely remote as long as you follow safer hex
practices, yes. None of this has anything to do with your original
suggestion that many servers are getting copies of your email,
though. That's not how it works.

--
People you encounter every day are fighting battles you know nothing
about. Be kind.
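To illustrate the two points the post keeps returning to (a resolver with a warm cache never asks the root or TLD servers again, and a literal IP address is never resolved at all), here is an added toy iterative resolver; it is not code from the post or from any real DNS software, and its server names and zone data are constructed placeholders.

```python
import ipaddress

# Constructed demo zone data (not real servers). Each server maps the
# longest matching suffix of a queried name to a referral or an answer.
SERVERS = {
    "root":         {"org": ("referral", "tld-org")},
    "tld-org":      {"example.org": ("referral", "auth-example")},
    "auth-example": {"mail.example.org": ("answer", "192.0.2.25")},  # TEST-NET-1
}

def is_ip_literal(target):
    """True when the user gave an address rather than a name."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

class Resolver:
    def __init__(self, servers=SERVERS):
        self.servers = servers
        self.cache = {}          # name -> address learned from a prior lookup

    def resolve(self, name):
        """Return (address, servers_asked) for one lookup."""
        asked = []
        if is_ip_literal(name):          # literal IP: DNS is never consulted
            return name, asked
        if name in self.cache:           # warm cache: no server is contacted
            return self.cache[name], asked
        server = "root"                  # cold cache: start from the root hints
        while True:
            asked.append(server)
            table = self.servers[server]
            # pick the longest suffix of `name` this server knows about
            match = max((k for k in table if name == k or name.endswith("." + k)),
                        key=len, default=None)
            if match is None:
                raise LookupError(f"{server} has no data for {name}")
            kind, value = table[match]
            if kind == "answer":
                self.cache[name] = value
                return value, asked
            server = value               # follow the referral one level down

if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("mail.example.org"))  # cold: root -> tld-org -> auth-example
    print(r.resolve("mail.example.org"))  # warm: answered from cache, nobody asked
    print(r.resolve("192.0.2.25"))        # literal IP: no resolution at all
```

The second and third lookups return an empty `servers_asked` list, which is exactly why a tampered root or TLD server has nothing to work with once the record is cached or when the client was given an address in the first place.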