Dailydave mailing list archives
Re: DNS Speculation
From: ninjaboy <n0b0dyn1nj4 () gmail com>
Date: Thu, 24 Jul 2008 01:26:19 +0200
2008/7/23 Cedric Blancher <blancher () cartel-securite fr>:
> On Tuesday, 22 July 2008 at 02:42 -0700, Alexander Sotirov wrote:
>> Spoofing an A record: Right before step 7, the attacker sends a spoofed response from ns.google.com that includes an A record for www.google.com and points it to 1.2.3.4 (which is an attacker-controlled name server). If the attacker does not win the race, they just try again with 1235.google.com and so on.
>
> And, what about spoofing 1234.google.com as described everywhere and adding an Authority RR stating that the NS record for google.com is ns.malicious.net, and an Additional one giving the A record for ns.malicious.net?
>
> According to RFC 2181, section 5.4.1, authority data from an authoritative answer have a better priority than the ones from a non-authoritative one. When ns.isp.com is getting the NS record from .com (step 5), it is done through a non-authoritative answer. Therefore, our successful spoofed answer should update google.com NS record(s) in ns.isp.com cache.
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

--
noone is alone.
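The RFC 2181 section 5.4.1 ranking that the quoted message relies on, modelled as cache-replacement logic for anyone auditing resolver behaviour. This is an added example, not part of the original thread or of any resolver's code; the `Trust`, `rank`, `Cache` and `demo` names, the rule that an equal rank does not replace, and the record data are assumptions made for illustration.

```python
from enum import IntEnum

class Trust(IntEnum):
    """Subset of the RFC 2181 5.4.1 ranking seen by a cache (higher = more trusted)."""
    LOWEST = 1          # additional data; authority section of a non-AA reply
    NONAUTH_ANSWER = 2  # answer section of a non-AA reply
    AUTH_AUTHORITY = 3  # authority section of an AA reply
    AUTH_ANSWER = 4     # answer section of an AA reply

def rank(section: str, aa: bool) -> Trust:
    """Map (message section, AA bit) to a trust rank."""
    if section == "additional":
        return Trust.LOWEST
    if section == "authority":
        return Trust.AUTH_AUTHORITY if aa else Trust.LOWEST
    if section == "answer":
        return Trust.AUTH_ANSWER if aa else Trust.NONAUTH_ANSWER
    raise ValueError(f"unknown section: {section!r}")

class Cache:
    """Toy RRset cache keyed by (owner, type); TTL handling is omitted."""
    def __init__(self):
        self.rrsets = {}

    def offer(self, owner, rtype, rdata, section, aa):
        """Store unless an entry of equal or higher rank exists (assumed rule)."""
        new = rank(section, aa)
        old = self.rrsets.get((owner, rtype))
        if old is not None and old[1] >= new:
            return False
        self.rrsets[(owner, rtype)] = (tuple(rdata), new)
        return True

    def lookup(self, owner, rtype):
        entry = self.rrsets.get((owner, rtype))
        return entry[0] if entry else None

def demo():
    """Replay the sequence from the message with constructed records."""
    cache = Cache()  # stands in for ns.isp.com
    # Step 5: referral from .com arrives in a non-authoritative reply.
    cache.offer("google.com", "NS", ["ns.google.com"], "authority", aa=False)
    # A reply with AA set carries a different NS RRset in its authority section.
    replaced = cache.offer("google.com", "NS", ["ns.malicious.net"], "authority", aa=True)
    # A later non-authoritative referral can no longer displace that entry.
    reverted = cache.offer("google.com", "NS", ["ns.google.com"], "authority", aa=False)
    return replaced, reverted, cache.lookup("google.com", "NS")

if __name__ == "__main__":
    print(demo())
```

The ranking only orders data the resolver has already accepted; whether a response is accepted at all is decided earlier, when it is matched to an outstanding query.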