Vulnerability Development mailing list archives
Re: distributed.net and seti@home
From: OFriedrichs () SECURITY-FOCUS COM (Oliver Friedrichs)
Date: Tue, 1 Feb 2000 11:19:37 -0800
Often DNS servers don't allow queries from strangers, which is good and should be the default configuration (except external queries for your domains).

This isn't true at all. By default anyone can launch recursive queries through pretty much any nameserver (AFAIK no default configurations will prevent this). Even then, many nameservers don't support this type of access restriction to begin with (NT). If someone does limit the source of recursive queries, I can still spoof a query from a valid source. After all, all I want is the DNS server to send out a recursive query so I can poison its cache, I don't care about getting a response.

DNS cache corruption will be possible until DNS-SEC is in wide use. I haven't seen any tools using the parallel query attack to poison the cache however (yet). Randomizing the query ID does little to protect you if you can send 100 queries for the same name, causing BIND to send out 100 queries. All of a sudden you've increased your chance of guessing a valid ID to 1/6554 instead of 1/65535. Send out 1000 queries and you only need to send out 655 spoofed replies to get one right.

I believe BIND will still do this, however I don't know what it does when it receives invalid replies - whether it invalidates the original query or not. Something to look at..

Oliver Friedrichs
securityfocus.com
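Added example, not part of the original post: one way a resolver operator could spot the parallel-query pattern described above, by flagging any name that receives many identical recursive queries within a short window. The log format, the one-second window and the threshold of 5 are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque

# Constructed sample log, one query per line: "<epoch seconds> <client> <qname> <qtype>".
SAMPLE_LOG = [
    "949432777.10 192.0.2.10 www.example.com. A",
    "949432777.40 192.0.2.11 mail.example.com. MX",
    "949432779.90 192.0.2.10 www.example.com. A",
] + [
    # Eight near-simultaneous queries for one name, each from a different source.
    f"949432780.{i:02d} 198.51.100.{i} Target.Example.NET. A" for i in range(1, 9)
]


def find_parallel_bursts(lines, window=1.0, threshold=5):
    """Return {(qname, qtype): peak count} for every name that was queried
    at least `threshold` times within `window` seconds.

    Queries are grouped by name and type only. The client address is ignored
    on purpose, because the post points out that the source can be spoofed.
    Lines are assumed to be in timestamp order.
    """
    recent = defaultdict(deque)  # (qname, qtype) -> timestamps inside the window
    peaks = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        # DNS names are case-insensitive; drop the trailing root dot as well.
        key = (parts[2].rstrip(".").lower(), parts[3].upper())
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks


if __name__ == "__main__":
    for (qname, qtype), peak in find_parallel_bursts(SAMPLE_LOG).items():
        print(f"burst: {peak} queries for {qname} {qtype} within 1.0s")
```

Each flagged name is one for which the resolver may have had many upstream queries outstanding at once, which is the condition the post relies on.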