[Noisebridge-discuss] Noisebridge's Wacky DNS Issues

Jonathan Lassoff jof at thejof.com
Wed Jun 5 04:20:46 UTC 2013


Oh so THAT'S what that was. Thanks for being awesome and figuring that out.

I don't see anything telling in the logs. However, there are some users
that just do "sudo bash", so no idea what happened in those sessions. :p

--j


On Tue, Jun 4, 2013 at 9:00 PM, Alex Buie <alex.buie at frozenfeline.net>wrote:

> Someone set up cache overrides for www.facebook.com, fbcdn.com, and
> youtube.com (which was commented out) to redirect them to the noisebridge
> wiki. Not sure if simple trolling or passive-aggressive statement against
> people using the space to watch videos/browse Facebook, but regardless,
> it's fixed.
>
> The file still exists in /etc/dnsmasq.d/baddom.conf (but with all three
> entries commented out now), if anyone with minotaur access wants to see it.
> It's properly owned by root, so presumably there's a sudo log describing
> who did it.
>
> minotaur:~$ dig +short a.ns.facebook.com
> 69.171.239.12
>
>
> -alex
>
>
> On Sun, Jun 2, 2013 at 9:08 PM, Jonathan Lassoff <jof at thejof.com> wrote:
>
>> Weird.... it's still caching those entries, despite clearing the cache.
>>
>> Somehow dnsmasq is convinced that a.ns.facebook.com. is 204.246.122.84
>> (which is the Noisebridge server).
>>
>> I can't look further into it right now, but it's sure got my curiosity
>> piqued!
>>
>> Cheers,
>> jof
>>
>>
>> On Sun, Jun 2, 2013 at 5:53 PM, Jonathan Lassoff <jof at thejof.com> wrote:
>>
>>> Wow. That's a riot.
>>>
>>> So, DNS in the space should be handing out 172.30.0.4 as a local caching
>>> resolver. That's minotaur.
>>> And, querying the cache, it seems that it has indeed cached some bunk
>>> data:
>>>
>>> `--> dig +short @172.30.0.4 graph.facebook.com. in a
>>> 204.246.122.84
>>>
>>> It's dnsmasq, so I can't easily dump or debug the cache without
>>> restarting it, losing the contents.
>>>
>>> I'll restart the cache now. Hopefully whomever was messing around is
>>> done now, and you can continue onward.
>>>
>>> I would never count on Noisebridge for interference-free internet
>>> connectivity. Such a concentration of hackers is going to lead to
>>> tomfoolery, one day or another.
>>> I always SSH-tunnel out.
>>>
>>> Cheers,
>>> jof
>>>
>>>
>>> On Sun, Jun 2, 2013 at 1:42 PM, Joe Black <joeblack949 at gmail.com> wrote:
>>>
>>>>  I was just logging into Readmill, which is a social book reading app
>>>> for the ipad, and got a very fishy response, a screenshot is worth a
>>>> thousand words
>>>>
>>>>
>>>> I was noticing yesterday some ads in the sidebar were doing something
>>>> similar. Immediately it seemed like someone had poisoned the DNS cache so I
>>>> switched my dns server to google's (8.8.8.8) and all the problems went away.
>>>>
>>>> I would hardly like to call that a permanent solution however. I'm sure
>>>> many of us know google uses that DNS server to log even more personal
>>>> information about those that use it. There are alternatives like of course
>>>> but I just thought this seemed kinda shady, if I were new to the space or
>>>> computing I'd wonder why noisebridge's wiki was trying to catch an open
>>>> auth request.
>>>>
>>>> Also I'm wondering since I'm not all that versed in mediawiki, are you
>>>> able to embed javascript into mediawiki? how hard would it be for someone
>>>> with the basic credentials to create a new page on the wiki to create this
>>>> page for nefarious purposes?
>>>>
>>>> I knew I shouldn't have let that VPN subscription lapse a month ago…
>>>>
>>>> joeblack
>>>> : joeblack949 at gmail.com
>>>> *
>>>> *
>>>>
>>>> _______________________________________________
>>>> Noisebridge-discuss mailing list
>>>> Noisebridge-discuss at lists.noisebridge.net
>>>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20130604/acf19175/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2013-06-02 at 1.29.47 PM 2.png
Type: image/png
Size: 148182 bytes
Desc: not available
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20130604/acf19175/attachment.png>


More information about the Noisebridge-discuss mailing list