Full Disclosure mailing list archives

Re: DNS spoofing issue. Thoughts on

From: imipak <imipak () gmail com>
Date: Sat, 26 Jul 2008 20:34:36 +0100

Hi Paul,

The attack isn't "impossible", it's more like "1% chance *per hour* that
your IDS doesn't notice and stop the attempts".  Big difference...


The information that I have says it's statistically impossible *if*
you are patched.



It's not statistically impossible; it just takes 2^16 times longer.
And as Joe Greco observed on NANOG:

But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is
not a significant jump from the PoV of an attacker would certainly have
factored into my decision-making process.


http://readlist.com/lists/trapdoor.merit.edu/nanog/7/37358.html


IDS of various flavours (from the straightforward cache-monitoring
script posted yesterday, to Snort or the latest "Enterprise Intrusion
Prevention solution" changes the odds somewhat, but this is what is
meant when people say DNSSEC is the only solution (on the table today,
anyway) to the fundamental problem.


=i

-- 
make way for history
flickering like a long-lost memory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: DNS spoofing issue. Thoughts on imipak (Jul 26)
- Re: DNS spoofing issue. Thoughts on Paul Schmehl (Jul 26)
- Message not available
  - Re: DNS spoofing issue. Thoughts on n3td3v (Jul 26)
    - Re: [inbox] Re: DNS spoofing issue. Thoughts on Exibar (Jul 26)
- <Possible follow-ups>
- Re: DNS spoofing issue. Thoughts on Paul Szabo (Jul 26)
  - Re: DNS spoofing issue. Thoughts on Valdis . Kletnieks (Jul 26)
- Re: DNS spoofing issue. Thoughts on Glenn.Everhart (Jul 27)
  - Re: DNS spoofing issue. Thoughts on Valdis . Kletnieks (Jul 30)
- Re: DNS spoofing issue. Thoughts on John D. Reason (Jul 27)