nanog mailing list archives
Re: Multiple DNS implementations vulnerable to cache poisoning
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Wed, 9 Jul 2008 16:15:20 -0400
On Jul 9, 2008, at 4:07 PM, Fernando Gont wrote:
At 12:41 p.m. 09/07/2008, Steven M. Bellovin wrote:

It's worth noting that the basic idea of the attack isn't new. Paul Vixie described it in 1995 at the Usenix Security Conference (http://www.usenix.org/publications/library/proceedings/security95/vixie.html) -- in a section titled "What We Cannot Fix", he wrote:

With only 16 bits worth of query ID and 16 bits worth of UDP port number, it's hard not to be predictable. A determined attacker can try all the numbers in a very short time and can use patterns derived from examination of the freely available BIND code. Even if we had a white noise generator to help randomize our numbers, it's just too easy to try them all.

We have had one IETF ID on port randomization for years: http://www.gont.com.ar/drafts/port-randomization/index.html

While this does not make the attack impossible, it does make it much harder.

The same thing applies to those RST attacks circa 2004.

Most of these blind attacks assume the source port numbers are easy to guess. But... why should they?
Because many name servers use one port, or an easily guessable sequence of ports?
-- TTFN, patrick
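The exchange above turns on how much entropy a resolver actually puts into its outbound queries: a fixed or sequential source port leaves only the 16-bit query ID for an attacker to guess, whereas a randomized port adds up to another 16 bits. The following is an added example, not code from the thread or from any resolver implementation. It takes a list of (source port, transaction ID) pairs as an operator would pull them from a packet capture of their own resolver's outbound queries, and reports whether the port allocation looks fixed, sequential or randomized, together with an empirical entropy estimate. The three sample sets are constructed with a seeded generator so the script runs offline; the function and constant names are assumptions for this example.

```python
import math
import random
from collections import Counter


def empirical_entropy_bits(values):
    """Shannon entropy (bits) of the observed value distribution.

    With n samples the estimate cannot exceed log2(n), so on a short capture
    it is a lower bound on the true entropy, not the full 16 bits."""
    n = len(values)
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_sequential(ports, max_step=4):
    """True when almost all consecutive source ports differ by a small positive
    step, the signature of a resolver that hands out ephemeral ports in order."""
    if len(ports) < 2:
        return False
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= max_step)
    return small / len(deltas) > 0.9


def classify_source_ports(queries):
    """queries: list of (src_port, txid) tuples from a resolver's outbound
    UDP queries, in capture order. Returns a small report dict."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    distinct = len(set(ports))
    report = {
        "samples": len(queries),
        "distinct_ports": distinct,
        "port_entropy_bits": round(empirical_entropy_bits(ports), 2),
        "txid_entropy_bits": round(empirical_entropy_bits(txids), 2),
    }
    if distinct == 1:
        report["verdict"] = "fixed"          # only the txid protects the answer
    elif looks_sequential(ports):
        report["verdict"] = "sequential"     # next port is predictable from the last
    else:
        report["verdict"] = "randomized"
    return report


# Constructed samples (not captured traffic); the seed keeps them reproducible.
_rng = random.Random(2008)

# Resolver that sends every query from one port, with random transaction IDs.
FIXED_PORT_SAMPLE = [(53, _rng.randrange(65536)) for _ in range(200)]
# Resolver whose OS allocates ephemeral ports in ascending order.
SEQUENTIAL_SAMPLE = [((32768 + i) % 65536, _rng.randrange(65536)) for i in range(200)]
# Resolver that draws a fresh random source port per query.
RANDOMIZED_SAMPLE = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(200)]


if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORT_SAMPLE),
                         ("sequential", SEQUENTIAL_SAMPLE),
                         ("randomized", RANDOMIZED_SAMPLE)):
        print(name, classify_source_ports(sample))
```

On a real capture, a "fixed" or "sequential" verdict on a recursive resolver is the condition the quoted Vixie passage warns about and is the thing to fix on the resolver or its NAT; note that a NAT in front of a randomizing resolver can itself collapse the ports back to a sequence, so the capture should be taken on the outside of any NAT.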
Current thread:
- Re: Multiple DNS implementations vulnerable to cache poisoning, (continued)
- Re: Multiple DNS implementations vulnerable to cache poisoning Christopher Morrow (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Michael Sinatra (Jul 10)
- RE: Multiple DNS implementations vulnerable to cache poisoning Andrews Carl 455 (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Russ Mundy (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Joao Damas (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning David Conrad (Jul 10)
- Re: Multiple DNS implementations vulnerable to cache poisoning Jay R. Ashworth (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Patrick W. Gilmore (Jul 09)
- RE: Multiple DNS implementations vulnerable to cache poisoning Eric Davis (Jul 09)
- Re: Multiple DNS implementations vulnerable to cache poisoning Phil Regnauld (Jul 10)