Bugtraq mailing list archives
Re: Thoughts about DNS...
From: vermont () GATE NET (Illuminati Primus)
Date: Sun, 27 Apr 1997 00:19:23 -0400
I think a temporary solution for the denial of service case is pretty obvious. If someone is trying to brute force an entry into your nameserver, the nameserver will first see a few hundred replies with incorrect ID numbers. So, all it will have to do is invalidate its last request when it notices an attack, and log who requested the name lookup (usually the attacker). Of course, this makes it possible to do denial of service attacks if you can see where a nameserver is sending a request to, but usually if they can see your network traffic you're screwed anyway.

This should be effective until a much better solution that employs cryptography (i.e. Secure DNS) is officially released. In the meantime, I'll see if I can make a small patch to do this, unless one of the real bind programmers beats me to it...

-Vermont Rutherfoord
vermont () gate net
Mongoloid Programmer

PD Although it's not good to have even a small window of opportunity, what percentage of the ID space could someone cross by fully saturating a T1 with forged DNS replies before the requesting server times out the request? It would be good to know what type of resources an attacker would need to make this type of attack
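The check proposed in the message above, sketched as an added example (it is not part of the original post and not BIND code). The `pending` struct, the function names, the threshold of 100 and the sample name and address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MISMATCH_LIMIT 100   /* assumed threshold, not a value from the post */

enum verdict { ACCEPT, IGNORE, INVALIDATED, NO_QUERY };

struct pending {             /* one outstanding upstream query (hypothetical layout) */
    uint16_t id;             /* 16-bit query ID sent upstream */
    char     name[64];       /* name being resolved */
    char     requester[32];  /* client whose lookup triggered the query */
    unsigned mismatches;     /* replies seen so far with a wrong ID */
    int      active;
};

/* Handle one reply: count wrong IDs, and at the limit drop the request and log. */
enum verdict handle_reply(struct pending *q, const char *name, uint16_t id)
{
    if (!q->active || strcmp(q->name, name) != 0)
        return NO_QUERY;                 /* nothing outstanding: reply is discarded */
    if (id == q->id) {
        q->active = 0;
        return ACCEPT;
    }
    if (++q->mismatches >= MISMATCH_LIMIT) {
        q->active = 0;                   /* a later correct guess is now refused */
        fprintf(stderr, "ID mismatch flood for %s, lookup requested by %s\n",
                q->name, q->requester);
        return INVALIDATED;
    }
    return IGNORE;
}

/* Constructed scenario: forged replies carry IDs 0, 1, 2, ... Returns the verdict
 * given to the reply with the real ID, or the last verdict if it is never sent. */
enum verdict simulate_sweep(uint16_t real_id, unsigned forged)
{
    struct pending q = { real_id, "www.example.com", "192.0.2.7", 0, 1 };
    enum verdict v = NO_QUERY;
    for (unsigned i = 0; i < forged; i++) {
        v = handle_reply(&q, q.name, (uint16_t)i);
        if ((uint16_t)i == real_id)
            return v;
    }
    return v;
}

int main(void)
{
    printf("real ID 40000, full sweep: %d\n", simulate_sweep(40000, 65536));
    printf("real ID 50, full sweep:    %d\n", simulate_sweep(50, 65536));
    return 0;
}
```

A guess that lands within the first `MISMATCH_LIMIT` replies is still accepted, which is the remaining window the postscript asks about; invalidation also drops the legitimate answer, the denial-of-service trade-off the message acknowledges.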