Be still my heart
-
Be still my heart
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
oh this is gonna make -so- many shenanigans possible holy shit
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
Just imagine the attack surface of a -dns- problem getting propagated down into -routing- it's gonna be complete fucking chaos
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
I wonder which CDN is behind this proposal.
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
Anyway imagine an adblocker that could tarpit adserver connections aggressively
-
@munin Huawei, it says in the header, and no WG has adopted it so it has no official standing
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
...ooh, greylisting* potential phishing domains and automatically interdicting the AS for the whole network. That's a tasty one.
* really ought to come up with an updated name for the technique. and something new with it; it's been a while.
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
Oh hey, you could make anything headed for a specific set of domains pass through a monitoring proxy.
-
Fi, infosec-aspected 🏳️⚧️replied to Fi last edited by
.......honestly, you wouldn't need an extension to DNS to do a lot of the fun shit; you can instrument the.....
.....hm.
-
Ryan Castellucci :nonbinary_flag:replied to Fi last edited by
@munin this seems to largely be about standardizing existing clever DNS shit like location based responses - making the location info explicit rather than relying on geoip provider data
Altering responses based on QoS bits sounds entertaining.
-
Pondering my dashb-orbreplied to Ryan Castellucci :nonbinary_flag: last edited by
-
Fi, infosec-aspected 🏳️⚧️replied to Pondering my dashb-orb last edited by
Tarpitting is much more fun :3
-
Ryan Castellucci :nonbinary_flag:replied to Fi last edited by
@munin @arichtman As in, sending response indicating that the request needs to be retried as TCP, then spoon feeding the server a response a byte at a time whilst ignoring FIN packets attempting to close the connection?
-
Fi, infosec-aspected 🏳️⚧️replied to Ryan Castellucci :nonbinary_flag: last edited by
that's how iptables does it iirc, aye