nanog mailing list archives
Re: Exploit for DNS Cache Poisoning - RELEASED
From: Tony Finch <dot () dotat at>
Date: Thu, 24 Jul 2008 13:21:07 +0100
On Wed, 23 Jul 2008, Kevin Day wrote:
The new way is slightly more sneaky. You get the victim to try to resolve an otherwise invalid and uncached hostname like 00001.gmail.com, and try to beat the real response with spoofed replies. Except this time your reply comes with an additional record containing the IP for www.gmail.com to the one you want to redirect it to. If you win the race and the victim accepts your spoof for 00001.gmail.com, it will also accept (and overwrite any cached value) for your additional record for www.gmail.com as well.
RFC 2181 says the resolver should not overwrite authoritative data with additional data in this manner. I believe the Matasano description is wrong. Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ FORTIES CROMARTY FORTH TYNE DOGGER: EAST OR SOUTHEAST 3 OR 4, INCREASING 5 OR 6 LATER. SLIGHT OR MODERATE. FOG PATCHES. GOOD, OCCASIONALLY VERY POOR.
Current thread:
- sizing router buffers (Re: Software router state of the art ), (continued)
- sizing router buffers (Re: Software router state of the art ) Mikael Abrahamsson (Jul 23)
- Exploit for DNS Cache Poisoning - RELEASED Robert D. Scott (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco (Jul 23)
- RE: Exploit for DNS Cache Poisoning - RELEASED Robert D. Scott (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED David Conrad (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Mike Lewinski (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Kevin Day (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED William Herrin (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Greco (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Tony Finch (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Joe Abley (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Jasper Bryant-Greene (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Patrick W. Gilmore (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Jared Mauch (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Mike Lewinski (Jul 23)
- RE: Exploit for DNS Cache Poisoning - RELEASED Skywing (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Matthew Kaufman (Jul 23)
- https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Robert Kisteleki (Jul 24)
- Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED) Steven M. Bellovin (Jul 24)
- Re: https Sam Stickland (Jul 24)