[aklug] Re: cached Alaskan Qualys SSL Labs results now updated for DROWN

From: Royce Williams <royce@tycho.org>
Date: Tue Mar 08 2016 - 09:24:55 AKST

OK, new hosts (from October to last week) have been added and tested. I
have not yet cross-checked against Alaskan IP space to see if entirely new
domains have surfaced.

I also added Let's Encrypt as a well-known issuer (no longer shows up as
"rare issuer").

You may also want to consult dnsdumpster.com to see what the world can see
in your DNS, or you can work with the raw data yourself (usually around 70G
uncompressed, ~14G compressed download):

https://scans.io/study/sonar.fdns

For the curious, here are the new hosts that showed up since October. It's
an interesting cross-section of DNS activity.


Royce

On Mon, Mar 7, 2016 at 4:57 PM, Royce Williams <royce@tycho.org> wrote:

> The results have been updated to fix the "DROWN unknown" issue (all stale
> scans have been refreshed).
>
> So everything in the table is current as of the past day or two. I'll try
> to get the missing A records in there this evening.
>
> Royce
>
> On Mon, Mar 7, 2016 at 7:53 AM, Royce Williams <royce@tycho.org> wrote:
>
>> A few caveats:
>>
>> - This first pass is based on older DNS dumps from October. I'll be
>> processing newer DNS dumps in the next day or so. So if you have new A
>> records since October, I haven't scanned them yet.
>>
>> - My best understanding of remediation is to disable SSLv2 everywhere you
>> can, and generate new RSA keys for all (even indirectly) affected hosts.
>>
>> - The Qualys tester only tests 443, so if you have non-443 hosts, you'll
>> need to check them yourself using one of the other resources here:
>>
>> http://www.techsolvency.com/story-so-far/cve-2016-0800_sslv2-drown/
>>
>> - This is a volunteer best effort, and no substitute for you nmapping
>> your own IP space on all ports for SSL, dumping zones out of your DNS, etc.
>> to run this stuff to ground.
>>
>> - Qualys only tests HTTPS, so any other protocols -- SSL VPNs, POP, IMAP,
>> etc -- will also need to be checked for DROWN.
>>
>> Royce
>>
>> On Mon, Mar 7, 2016 at 7:29 AM, Royce Williams <royce@tycho.org> wrote:
>>
>>> Now that SSL Labs has support for checking for DROWN, I've rescanned my
>>> Alaskan TLS list and updated the results here:
>>>
>>> http://www.techsolvency.com/tls/

Received on Tue Mar 8 07:43:06 2016