[Cerowrt-devel] First DNSSEC failure with CeroWRT
Aaron Wood
woody77 at gmail.com
Sun Apr 20 02:16:42 EDT 2014
It was an interesting find, which btw, silently breaks portions of online banking, as it redirects through the sso gateways.
-Aaron
Sent from my iPhone
> On Apr 19, 2014, at 21:20, Dave Taht <dave.taht at gmail.com> wrote:
>
> you should report it to bank of america and see what happens.
>
> root at lorna-gw:/etc/config# nslookup www.bankofamerica.com
> Server: 127.0.0.1
> Address 1: 127.0.0.1 localhost
>
> Name: www.bankofamerica.com
> Address 1: 171.161.207.100
> root at lorna-gw:/etc/config# nslookup sso-fi.bankofamerica.com
> Server: 127.0.0.1
> Address 1: 127.0.0.1 localhost
>
> nslookup: can't resolve 'sso-fi.bankofamerica.com': Name or service not known
>
>> On Sat, Apr 19, 2014 at 12:19 PM, Dave Taht <dave.taht at gmail.com> wrote:
>> I'm not sure if what you are actually seeing here is a failure or a
>> success! It does appear that this is
>> indeed a bogus DS.
>>
>> http://dnssec-debugger.verisignlabs.com/sso-fi.bankofamerica.com
>>
>>> On Sat, Apr 19, 2014 at 2:43 AM, Aaron Wood <woody77 at gmail.com> wrote:
>>> One of the many servers involved with BofA's online banking:
>>>
>>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver
>>> 8.8.4.4#53
>>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver
>>> 8.8.8.8#53
>>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using local addresses
>>> only for domain home.lan
>>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: read /etc/hosts - 1
>>> addresses
>>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq-dhcp[29719]: read /etc/ethers -
>>> 0 addresses
>>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: query[A]
>>> saml-bac.onefiserv.com from 172.30.42.99
>>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded
>>> saml-bac.onefiserv.com to 8.8.4.4
>>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded
>>> saml-bac.onefiserv.com to 8.8.8.8
>>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: dnssec-query[DS]
>>> saml-bac.onefiserv.com to 8.8.4.4
>>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
>>> saml-bac.onefiserv.com is BOGUS DS
>>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: validation result is
>>> BOGUS
>>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
>>> saml-bac.onefiserv.com is <CNAME>
>>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
>>> saml-bac.gslb.onefiserv.com is 64.128.98.58
>>>
>>>
>>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: query[A]
>>> sso-fi.bankofamerica.com from 172.30.42.99
>>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded
>>> sso-fi.bankofamerica.com to 8.8.4.4
>>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded
>>> sso-fi.bankofamerica.com to 8.8.8.8
>>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: dnssec-query[DS]
>>> sso-fi.bankofamerica.com to 8.8.8.8
>>> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: query[A]
>>> sso-fi.bankofamerica.com from 172.30.42.99
>>> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: dnssec retry to 8.8.8.8
>>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
>>> sso-fi.bankofamerica.com is BOGUS DS
>>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: validation result is
>>> BOGUS
>>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
>>> sso-fi.bankofamerica.com is <CNAME>
>>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
>>> saml-bac.onefiserv.com is 64.128.98.58
>>>
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>> Dave Täht
>>
>> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
>
>
>
> --
> Dave Täht
>
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
More information about the Cerowrt-devel
mailing list