
Mailing List Archive: Full Disclosure: Full-Disclosure

what is DNS response that 255.255.255.255?

 

 



kimms at infosec

Mar 17, 2009, 1:52 AM

Post #1 of 3 (1172 views)
what is DNS response that 255.255.255.255?

Hello.



I'm testing malware.

It sends DNS queries for xxxxxxxxxxx.ods.org and xxxxxxxxx.daemon.sh

And the response is 255.255.255.255



What is 255.255.255.255?

Can a DNS hosting company set that specific DNS name to 255.255.255.255?


handrix at gmail

Mar 17, 2009, 4:57 AM

Post #2 of 3 (1098 views)
Re: what is DNS response that 255.255.255.255?

Hello,

Well, the blocklist of IPv4 addresses is (0.0.0.0 - 255.255.255.255),
and IPv4 defines many classes A, B, C, D, E. The address 255.255.255.255
resides in class E (240.0.0.0 - 255.255.255.255),
and that class should not be used on IP networks. It's just for experimental
purposes.

Anyway, the address 255.255.255.255 is a broadcast that delivers a message
from one sender to many recipients.
Sending a direct message to an IP broadcast, for example to 255.255.255.255,
indicates that all other nodes on the LAN should receive that message.
You can send a broadcast ping on your LAN by typing:
$ ping -b 255.255.255.255
As a result, all active targets on your local network respond to the ping.



Best regards,


2009/3/17 김무성 <kimms [at] infosec>

> Hello.
>
>
>
> I'm testing malware.
>
> It sends DNS queries for xxxxxxxxxxx.ods.org and xxxxxxxxx.daemon.sh
>
> And the response is 255.255.255.255
>
>
>
> What is 255.255.255.255?
>
> Can a DNS hosting company set that specific DNS name to 255.255.255.255?
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



--
Ali MEZGANI
Network Engineering/Security
http://securfox.blogspot.com/
http://www.secufox.org/
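
Added example (not part of the original thread or any poster's code): a Python check that labels DNS A answers falling in the special-purpose ranges this reply describes, limited broadcast 255.255.255.255 inside class E 240.0.0.0/4, and flags them in resolver logs. The log format, host names and the extra ranges (multicast, loopback, private) are assumptions of this example.

```python
from ipaddress import IPv4Address, ip_network

# Most specific first: 255.255.255.255 also lies inside 240.0.0.0/4.
# The first two ranges are named in the reply; the rest are added here.
SPECIAL_RANGES = [
    ("limited-broadcast", ip_network("255.255.255.255/32")),
    ("class-e-reserved", ip_network("240.0.0.0/4")),
    ("multicast-class-d", ip_network("224.0.0.0/4")),
    ("loopback", ip_network("127.0.0.0/8")),
    ("this-network", ip_network("0.0.0.0/8")),
    ("private", ip_network("10.0.0.0/8")),
    ("private", ip_network("172.16.0.0/12")),
    ("private", ip_network("192.168.0.0/16")),
]

def classify(addr):
    """Return the special-purpose label for an IPv4 address, or 'public'."""
    ip = IPv4Address(addr)
    for label, net in SPECIAL_RANGES:
        if ip in net:
            return label
    return "public"

def parse_line(line):
    """Parse 'timestamp client qname A answer' (constructed log format)."""
    fields = line.split()
    if len(fields) != 5 or fields[3] != "A":
        return None
    try:
        IPv4Address(fields[4])
    except ValueError:
        return None  # malformed answer field, skip the record
    return fields[1], fields[2].rstrip(".").lower(), fields[4]

def flag_special_answers(lines):
    """Return (client, qname, answer, label) for every non-public A answer."""
    recs = filter(None, map(parse_line, lines))
    labelled = [rec + (classify(rec[2]),) for rec in recs]
    return [r for r in labelled if r[3] != "public"]

# Constructed sample records; names and addresses are placeholders.
SAMPLE_LOG = [
    "2009-03-17T01:50:02 10.0.0.21 suspect.example.org. A 255.255.255.255",
    "2009-03-17T01:50:09 10.0.0.21 www.example.com. A 8.8.8.8",
    "2009-03-17T01:51:30 10.0.0.34 parked.example.net. A 127.0.0.1",
    "2009-03-17T01:52:00 10.0.0.34 broken.example.net. A not-an-ip",
]

if __name__ == "__main__":
    print(flag_special_answers(SAMPLE_LOG))
```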


pabloroberto at gmail

Mar 17, 2009, 10:26 AM

Post #3 of 3 (1087 views)
Re: what is DNS response that 255.255.255.255?

I launched

ping windowsupdate.daemon.sh and it is resolving to a public IP.
PING windowsupdate.daemon.sh (218.18.149.138) 56(84) bytes of data.

The whois:

inetnum: 218.13.0.0 - 218.18.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN


http://www.vsantivirus.com/mofei-c.htm


This web site shows something different, but the virus is using
the same DNS resolution.

Do you see anything else?
Could you tell me more about your tests?

Regards,




On Tue, 17-03-2009 at 17:52 +0900, 김무성 wrote:
> Hello.
>
>
>
> I’m testing malware.
>
> It sends DNS queries for xxxxxxxxxxx.ods.org and xxxxxxxxx.daemon.sh
>
> And the response is 255.255.255.255
>
>
>
> What is 255.255.255.255?
>
> Can a DNS hosting company set that specific DNS name to
> 255.255.255.255?
>
>
>
>