Security Incidents mailing list archives
Re: DNS Injection Problem
From: "Blade Runner" <blade () seven com br>
Date: Tue, 6 May 2003 10:48:50 -0300 (BRT)
You were the first to mention it; I am studying the subject. One interesting thing to quote, and sorry about the ignorance, is: is it possible to restart the DNS server with such an attack? The location where the .zone and named.inc (DNS conf file) files are stored is protected with these permissions: "-rw-r--r--"; only root can modify or add new files (theoretically). I fear that the attacker is getting root privileges somewhere else to do that. But maybe in my research about DNS poisoning I can get the answer. I will isolate the server to run a sniffer and check the queries; if the problem is with DNS it will be easier to detect, even for a newbie :-). Thanks.
Have you thought about DNS cache poisoning?

references:
http://www.securityfocus.com/guest/17905
http://www.sans.org/rr/firewall/DNS_spoof.php
http://csrc.nist.gov/fasp/FASPDocs/network-security/NISTSecuringDNS.htm
http://www.acmebw.com/resources/papers/securing.pdf

Can you put a sniffer, e.g. ethereal, on the link and see if anyone is sending you the bad data in response to queries?

cheers,
Jamie
--
James Riden / j.riden () massey ac nz / Systems Programmer - Security
Information Technology Services, Massey University, NZ.
Tel: +64 (0) 6356 9099 ext. 7402
-- Blade Runner - Squirrel Mail Linux Powered LICQ 40959703
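Added example, not part of the original thread: one way to run the sniffer check suggested above is to pair every DNS response arriving at the resolver with the query it claims to answer, and flag responses that match no query or that answer the same query a second time with different data. The addresses, names and packets are constructed sample data, and `parse_dns`, `find_suspect_responses` and `build` are hypothetical helpers written for this illustration.

```python
import struct

def parse_dns(msg):
    """Return (txid, is_response, qname, A-record IPs) for a raw DNS message."""
    txid, flags, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    off, labels, ips = 12, [], []
    while msg[off]:                          # question name: length-prefixed labels
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    off += 5                                 # root label + QTYPE + QCLASS
    for _ in range(ancount):
        while msg[off] and msg[off] < 0xC0:  # skip inline labels of the owner name
            off += 1 + msg[off]
        off += 2 if msg[off] else 1          # compression pointer or root label
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:        # A record
            ips.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, bool(flags & 0x8000), ".".join(labels).lower(), ips

def find_suspect_responses(packets, resolver_ip):
    """packets: (src_ip, dst_ip, raw_dns) tuples in capture order."""
    seen, alerts = {}, []                    # (txid, qname) -> None while pending, else first answer
    for src, dst, raw in packets:
        txid, is_resp, qname, ips = parse_dns(raw)
        key = (txid, qname)
        if not is_resp and src == resolver_ip:
            seen[key] = None                 # query our resolver sent upstream
        elif is_resp and dst == resolver_ip:
            if key not in seen:              # no such query: symptom of ID guessing
                alerts.append(("unsolicited", src, qname, ips))
            elif seen[key] is None:          # first answer: the one a resolver caches
                seen[key] = ips
            elif ips != seen[key]:           # same query answered again, differently
                alerts.append(("conflicting-duplicate", src, qname, ips))
    return alerts

def build(txid, qname, ip=None):
    """Constructed sample data: a query, or a response carrying one A record."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00\x00\x01\x00\x01"
    hdr = struct.pack("!6H", txid, 0x8180 if ip else 0x0100, 1, 1 if ip else 0, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, ip.split("."))) if ip else b""
    return hdr + q + rr

# Constructed capture: one query, a wrong-ID guess, the first answer, a later differing answer.
RESOLVER, AUTH = "192.0.2.53", "198.51.100.1"
SAMPLE = [(RESOLVER, AUTH, build(0x1A2B, "www.example.com"))] + [
    (AUTH, RESOLVER, build(txid, "www.example.com", ip)) for txid, ip in
    [(0x9999, "203.0.113.66"), (0x1A2B, "203.0.113.66"), (0x1A2B, "198.51.100.80")]]
ALERTS = find_suspect_responses(SAMPLE, RESOLVER)
```

An alert marks a response for review rather than proving forgery: the capture alone does not show which of two conflicting answers is genuine, and servers that rotate their answer sets can trigger the duplicate check legitimately.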