Bugtraq mailing list archives
Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
From: Amit Klein <aksecurity () gmail com>
Date: Sat, 28 Jul 2007 00:34:13 +0200
Tim Newsham wrote:
"it's not like this hasn't been reported, and fixed, many times by many others" - so if it's fixed so many times, how come it was still vulnerable, and ISC had to issue their patches?Because its just a 16-bit field. DNS is broken. Cache poisoning will happen. Those are the facts on the ground. The only argument leftis the degree of brokenness.
Perhaps. Even so, adding, as you (and many others) suggested previously, UDP source port (strong) randomization, in combination with strong transaction ID randomization would make poisoning way way harder than where it is today. Instead of 16 bits, you'd have ~30 bits of (strong) randomness. That's much better, and there's no reason I see why it can't be implemented today.
Current thread:
- "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Jul 24)
- <Possible follow-ups>
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) securityfocus (Jul 24)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Jul 24)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Jamie Riden (Jul 26)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Theo de Raadt (Jul 27)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Gadi Evron (Jul 27)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Tim (Jul 27)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Jul 27)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Tim Newsham (Jul 27)
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) Amit Klein (Jul 27)