GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by John Kristoff (jtk@infosec.exchange)

  1. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Friday, 14-Mar-2025 09:08:15 JST John Kristoff John Kristoff

    #ThrowbackThursday Here is a ~20 year old plot showing the frequency distribution of client source port usage at an edu #DNS resolver. Notice how the most common ports started at around 1024? That was Microsoft Windows. This picture should look a lot different if I were to redraw this today.

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/156/627/485/796/796/original/e9443abd682f454e.png
  2. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Wednesday, 22-Jan-2025 12:45:35 JST John Kristoff John Kristoff
    in reply to
    • sahilister

    @sahil If you want to see details about who and what is issuing queries for your names, it's a good idea.

    If your name(s) are prone to attack, it might be a bad idea unless you partner with a provider who can host and help mitigate large floods.

    If your zone(s) don't change very often and have few records, it is relatively easy to setup and run a couple of authoritative name servers, ideally on at least a couple of diverse networks using bind, unbound, or whatever you're comfortable with.

    Don't provide answers (recursion) you're not authoritative for.

    Don't forget to update your SOA serial every time you make a zone change.

    Do run your zone through various zone checking online tools (e.g., zonemaster.fr).

    Do use a provider who won't arbitrarily block networks/addresses or source ports.

    Don't run anything else on your name server, but maybe just SSH and NTP - and protect those from unsolicted access.

    You may not have a need for all their guidance, but see IETF RFCs 2870 ad 9199 for other ideas.

    In conversation about 4 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: change.do
      CHANGE with us
      A fearless commitment to creativity and innovation, we strive to craft captivating visual and structurals narratives that evoke emotion and provoke thought.
    2. No result found on File_thumbnail lookup.
      Zonemaster
  3. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Friday, 03-Jan-2025 17:59:11 JST John Kristoff John Kristoff
    in reply to
    • sahilister

    @sahil No. The NS RRset for aws.amazon.com (at this writing and from my vantage point) is:

    ns-106.awsdns-13.com.
    ns-1402.awsdns-47.org.
    ns-1860.awsdns-40.co.uk.
    ns-905.awsdns-49.net.

    That happens to be the same set for tp.8e49140c2-frontier.amazon.com, which is where your dig ns aws.amazon.com query would have stopped.

    aws.amazon.com and tp.8e49140c2-frontier.amazon.com. both happen to be CNAMEs that ultimately lead to dr49lng3n1n2s.cloudfront.net. Those three strung together make up a chain. All coincidentally have the same authoritative server set at present.

    You say "actual NS domain". It might help to further explain if you say what you think the "domain" is in this case.

    In conversation about 5 months ago from infosec.exchange permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: a0.awsstatic.com
      Cloud Computing Services - Amazon Web Services (AWS)
      Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. Free to join, pay only for what you use.





  4. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Tuesday, 31-Dec-2024 01:09:40 JST John Kristoff John Kristoff
    in reply to
    • Rob Ricci

    @ricci The UDP source port field is optional and may be set to zero.

    In conversation about 5 months ago from infosec.exchange permalink
  5. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Friday, 06-Dec-2024 11:30:41 JST John Kristoff John Kristoff
    in reply to
    • Tim W RESISTS

    @tim Do you remember the first or maybe early interesting abuse-related issues you had to deal with? Do they seem quaint now or were they interesting?

    In conversation about 6 months ago from infosec.exchange permalink
  6. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Friday, 06-Dec-2024 01:24:07 JST John Kristoff John Kristoff
    in reply to
    • Tim W RESISTS

    @tim Look at those baseball curtains. Yours had the red sox ones I hope

    In conversation about 6 months ago from infosec.exchange permalink
  7. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Friday, 19-Jan-2024 22:30:20 JST John Kristoff John Kristoff

    David Mills, a true Internet pioneer, passed away on January 17, 2024. Probably best known for having led the development and maintenance of #NTP for decades, he was also involved in a great deal of early Internet protocol development.

    https://elists.isoc.org/pipermail/internet-history/2024-January/009265.html

    In conversation Friday, 19-Jan-2024 22:30:20 JST from infosec.exchange permalink
  8. Embed this notice
    John Kristoff (jtk@infosec.exchange)'s status on Sunday, 11-Dec-2022 07:30:35 JST John Kristoff John Kristoff
    in reply to
    • No

    @No 1970-01-01. I just assumed all unix geeks used that.

    In conversation Sunday, 11-Dec-2022 07:30:35 JST from infosec.exchange permalink

User actions

    John Kristoff

    John Kristoff

    UIC PhD candidate | https://Dataplane.org | ICANN research fellow | Netscout. Internet infrastructure (#BGP, #DNS) and #infosec. Bit mechanic. Also: #Blues / tfr / #fedi22

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          65700
          Member since
          10 Dec 2022
          Notices
          8
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.