Problems with using a non-reserved top-level domain for local DNS resolution

A network administrator at my organization (let’s call him "Bill") wants to configure an internal DNS with the live top-level domain (TLD) .int for internal IP address resolution (for Active Directory, internal websites, etc.). For example, the domain exampleinternalsite.int would resolve to the some internal site that isn’t visible to the public. Our organization has not registered these domain names with a registrar. Now I know that this is bad practice, but Bill remains unconvinced that this shouldn’t be done.

What are the problems with using a live top-level domain for internal name resolution? Specifically, what are the security implications? In addition, does this somehow conflict with some fundamental way on how DNS and name resolution is supposed to work?

Note: I originally asked this question on Network Engineering SE and was kindly referred over to this site as a better place for this question.

Metasploit unable to get local issuer certificate

I got the following versions: Framework: 5.0.86-dev Console: 5.0.86-dev

The os that metasploit is installed are windows 10.

I get a meterpreter session with an android device (genymotion virtual machine) device and desktop are on the same network and also device has enabled gps with pre-defined lat & long and when I enter the following command in meterpreter:

run post/multi/gather/wlan_geolocate APIKEY=my google map API key (clean, without quotes or anything else) GEOLOCATE=true

I get the result in the photo with the error as I describe in the title, does anyone know if its a version SSL problem or something? how and where to search to fix this problem?

enter image description here

Local file inclusion in JS written app

I am working on a project which requires the name of the page as a query parameter ‘path’ and the app stores path variable as res.query.path, so I’m concerned about LFI because my manager asked me to pay attention to it specifically. The app is using JS(express) and no PHP, so my first question is if the input is not handled carefully is it still vulnerable to PHP wrappers? and secondly, I’ve written a small function to sanitize user input, please tell if it vulnerable in an environment where path parameter is being prepended using: function prepare(dir){ return path.resolve('./public/' + dir) } for getting absolute path. and then used as input to res.sendFile().The following code removes the first character if not alphanumeric

function strip(dir){ const regex = /^[a-z0-9]$  /im  if(!regex.test(dir[0])){     if(dir.length > 0){         return strip(dir.slice(1))     }     return '' }  return dir } 

To be on the safe side I’ve also added

//Prevent directory traversal attack function preventTraversal(dir){     if(dir.includes('../')){         let res = dir.replace('../', '')         return preventTraversal(res) }   //In case people want to test locally on windows if(dir.includes('..\')){     let res = dir.replace('..\', '')     return preventTraversal(res) } return dir } 

The app’s request flow goes like this:let path=req.query.path => uses path=strip(path) => path =preventTraversal(path) => res.sendFile(prepare(page))

Untouchable local server

We have a software that needs a connection to our servers for license management purposes. Now we have a new customer who wants to use our software on systems that don’t have access to internet. So I was thinking about setting up a local server in their private network. Is it a good way? What are the flaws of this approach? Is it possible that they copy our server data and use it somewhere else? In other words can they clone our server? If they can what’s the solution? Can I in some way use a TPM to prevent cloning?

Building more diverse local Organized Play RPG community

How do I build a more diverse local RPG community? Currently, there’s several Organized Play RPG communities in my closest metro region (West Coast, USA). The largest OP group has several thousand members and a very broad, diverse demographic base with members from almost every social facet of urban life.

There are a few other OP groups that are far smaller and insular. From my observation, these groups are almost entirely ethnically white, middle-aged men. These groups range from 50-200 members at most.

I am an active member in multiple Organized Play groups, and there is a glaring difference in membership and demographics.

How do I help build an Organized Play community that doesn’t become insular and homogenous? I don’t know if a reformation approach is helpful or appropriate for these groups, but I’m not willing to accept the status quo.

I have a win 8.1 with computer from 2008. (using local net with provider’s VPN.) How can my neighbors see my deeds on the computer?

They are talking about it. And even now can see it (I believe). He is working as an electrician or network admin or somewhat related(or maybe have friends in such fields). We had a war here (not completely over yet), so can be a some soldier/militant/whoknowswho.

I have a providers VPN with password but settings without encryption(“disconnect if required encryption”)? Is it a correct settings? My Monitor is from 2006-2008. LCD. Fluorescent lamps were changed to a light diodes strips from some Chinese hardware board.(can it increase electromagnetic information that can be captured from monitor?) My keyboard is wired, but I’ve read it can be intercepted too? No antivirus except windows embedded one. I’ve tested with eset free antivirus and found almost nothing. Last year was bought a SSD drive manufactured in Poland with software with it (I don’t think it is it).

I need to work online, but they are saying things(I can hear them perfectly “thanks” to the war and corona virus quarantine we have very quite environment here.) that can be interpreted as they can actually get some info from my PC.

What is can be done which will not include buying a new pc (even if I can buy it, not sure that problem in hardware) in next 1-2 years? (too expensive for us nowadays.)

Is it possible I have a backdoor here or some open ports that have vulnerabilities?

I’ve read about metasploit but it is for servers. How can I test my computer? please help, tell me it is possible to remove them from here.

What about DNS leaking to local network or dns spoofing? I know nothing about it. What about not so genuine windows? Or my videocard issue a videosignal that can be captured 3 meters below/above(we have brick walls without metal bars and big windows. Also radiator heaters with water pipes are shared near a pc.) and rendered as a picture with not so expensive equipment?

I know for sure they comment selected channels/video pages on youtube and, maybe, a freelance site. And don’t tell me it sound stupid. I know it, but need help. I need to work but can’t because of it.

Was installed several databases for learning and all settings used by default. Is it possible that port 3306 I see in browser was opened to the outside world/local net?

Is it possible that java without update can do this? Sometimes explorer on pc crashes, restarts and shows Libraries window, but I’ve never opened it before crash(it is related).

What is the signifigance of the Dot Product in World to Local Transformations?

Looking for help understanding why this World to Local Space function works.

I’m working my way through Buckland’s Programming Game AI By Example The following function is used in the book to convert a point from world space to an agent’s local coordinate space (its i hat and j hat are AgentHeading and AgentSide respectively)

    inline Vector2D PointToLocalSpace(const Vector2D &point,                              Vector2D &AgentHeading,                              Vector2D &AgentSide,                               Vector2D &AgentPosition) {      //make a copy of the point   Vector2D TransPoint = point;    //create a transformation matrix     C2DMatrix matTransform;    double Tx = -AgentPosition.Dot(AgentHeading);   double Ty = -AgentPosition.Dot(AgentSide);    //create the transformation matrix   matTransform._11(AgentHeading.x); matTransform._12(AgentSide.x);   matTransform._21(AgentHeading.y); matTransform._22(AgentSide.y);   matTransform._31(Tx);           matTransform._32(Ty);    //now transform the vertices   matTransform.TransformVector2Ds(TransPoint);    return TransPoint; } 

I’ve been learning about vectors and matrices for the last three weeks and still I’m having a lot of trouble understanding why this works in terms of vectors and matrices. What is the reason for using a a dot product in the translation coordinates? Why is it the dot product of the agent’s position and its heading? What does this dot product correspond to geometrically?

Why not just translate by the Agent’s position?

Are there any simpler ways of representing this algorithm?