Posts

Showing posts from March, 2020

DNS insights - UDP vs TCP and EDNS

Image
In this article I will elaborate the research I did in relation to DNS (Domain Name Service). The particular issue discussed here is when and how DNS uses TCP or UDP transport layer in relation to the packet size. Normally, DNS will run queries and replies via UDP protocol unless there is a Zone Transfer , incremental or full (IXFR or AXFR , respectively). According to the original DNS specification as given in the RFC 1035 (https://www.ietf.org/rfc/rfc1035.txt), DNS will also use TCP for packets larger than 512 bytes. However, there was another RFC issued in 2013 which is RFC 6891 (Extension Mechanism for DNS), labelled as EDNS(0). https://tools.ietf.org/html/rfc6891 I came across this issue accidentally, but as we will see in the text, some issues were noticed that are some not well documented reasons why DNS may fail to comply with EDNS. To do the proper investigation, here are some assumptions I worked with: a) I wanted to check DNS clients from both Windows and Linux b) I wan...

SMS scam and phishing web sites

Image
This post will describe the phishing campaign that target myself, among other individuals. In this review I will explain the reasoning (both technical and social) in assessing the validity of the sites, messages and the logic behind an attempt to obtain personal data from individuals.  The whole story began when I received this SMS message on my mobile. The SMS itself looks pretty much regular, even though the URL it directs you to is not exactly what I'd expect from a courier company. Not only it does not contain the names of either DHL, FastTrack, Post or any similar courier, but rather obscure name (gh4). Anyway, this was not my primary trigger - my primary trigger was an "every day life practice" - I could not remember I purchased anything! So, first thing firs, I contacted my wife to check if we're expecting anything. No. Ok, something's weird here...Let's investigate. I started with simple domain lookups to see who owns this web site. Ok, not much ...