nanog mailing list archives
RE: Exploit for DNS Cache Poisoning - RELEASED
From: "Robert D. Scott" <robert () ufl edu>
Date: Wed, 23 Jul 2008 18:51:22 -0400
Actually you are not missing anything. It is a brute force attack. I think you had the right concept when you indicated that "networks and hardware may be fast enough". It is not maybe, it is; and every script kiddie on your block has the power in his/her bedroom. Then you add the college crowd sitting on 10Gig pipes to the Internet and the threat is real. But other than just muck things up where is the motivation for a poisoning? Robert D. Scott Robert () ufl edu Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Receptionist University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -----Original Message----- From: Joe Greco [mailto:jgreco () ns sol net] Sent: Wednesday, July 23, 2008 6:31 PM To: Robert D. Scott Cc: nanog () merit edu Subject: Re: Exploit for DNS Cache Poisoning - RELEASED
Now, there is an exploit for it. http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
Maybe I'm missing it, but this looks like a fairly standard DNS exploit. Keep asking questions and sending fake answers until one gets lucky. It certainly matches closely with my memory of discussions of the weaknesses in the DNS protocol from the '90's, with the primary difference being that now networks and hardware may be fast enough to make the flooding (significantly) more effective. I have to assume that one other standard minor enhancement has been omitted (or at least not explicitly mentioned), and will refrain from mentioning it for now. So, I have to assume that I'm missing some unusual aspect to this attack. I guess I'm getting older, and that's not too shocking. Anybody see it? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: Software router state of the art, (continued)
- Re: Software router state of the art Naveen Nathan (Jul 23)
- Re: Software router state of the art Christopher Morrow (Jul 23)
- Re: Software router state of the art Wes Young (Jul 23)
- Message not available
- Re: Software router state of the art William Herrin (Jul 23)
- Re: Software router state of the art Kevin Oberman (Jul 23)
- Re: Software router state of the art William Herrin (Jul 23)
- Re: Software router state of the art Kevin Oberman (Jul 23)
- sizing router buffers (Re: Software router state of the art ) Mikael Abrahamsson (Jul 23)
- Exploit for DNS Cache Poisoning - RELEASED Robert D. Scott (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco (Jul 23)
- RE: Exploit for DNS Cache Poisoning - RELEASED Robert D. Scott (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED David Conrad (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Mike Lewinski (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Kevin Day (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED William Herrin (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Tony Finch (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Abley (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Jasper Bryant-Greene (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Patrick W. Gilmore (Jul 23)