Vulnerability Development mailing list archives
Re: distributed.net and seti@home
From: brycewalter () HOTMAIL COM (Bryce Walter)
Date: Mon, 31 Jan 2000 05:28:59 GMT
In theory it's not too difficult to provide false DNS info.
- Identify the DNS server for the target machine.
- Issue a query to that DNS server for the name you wish to provide the wrong IP address for.
- Send a spoofed DNS query reply that appears to be from the upstream DNS server with the false data that you want.

If the clients contact the server, the only way to exploit the clients is to make the client contact your own server I suppose. This could be done via changing DNS records manually on an upstream DNS server, a hacked client, an entry in the hosts file, etc. They all require pretty much elevated access to the network (admin status) or the computer, in which case you don't have to use the distributed clients to hack into the machine.

I think it is possible in some cases to insert a DNS cache entry into a DNS server manually, and you can fool all the clients that use that DNS server to contact your own server. Then you could send custom packets back to the client to overflow it, etc.

That's about all I can think about right now. It's the weekend, and I am going to be lazy ;)

- Robert

----- Original Message -----
From: Seth R Arnold [SMTP:sarnold () willamette edu]
Sent: Saturday, January 29, 2000, 5:14:58
To: Robert Wojciechowski Jr.
Cc: 'VULN-DEV () SECURITYFOCUS COM'
Subject: Re: distributed.net and seti@home

Robert, (and list :) -- with distributed.net and seti@home, I am not so concerned with open ports -- the client goes to the trouble of downloading input data all on its own, so an open port would be superfluous. (sp?)

I am thinking more along the lines of a buffer overflow, or "u17r4-s3cr3t-31337-b@ckd00r", or something like that.

My personal guess is both distributed.net and seti@home are secure enough for most everyone's purposes. But, that is a guess, and I haven't seen anyone try to see if there is a way to get either of them to execute code through malformed (or perfectly-formed :) data downloads. It would make me feel a lot better if someone out there (whitehat :) would take the trouble to try to find holes to be exploited -- because I know of a LOT of machines that could be compromised in extremely vulnerable positions -- all with the blessings of system administrators trying to be politically active or just hoping to find aliens. :)

Wouldn't it be annoying to wake up one day to find your whole organization has been 0wned as a result of running rc5 from distributed.net?

I am not saying it would be easy, or even practical, but it might be worth checking into. :)

Robert S. Wojciechowski Jr.
robertw () wojo com
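
Added example (not part of the original thread or written by any of its participants): a resolver-side check for the forged-reply pattern discussed above, flagging replies that no outstanding query explains. The record layout, the finding names and the sample data are assumptions constructed for illustration.

```python
# Constructed sample (not from the thread): records a resolver-side sensor might
# log as (kind, txid, qname, upstream_server, resolver_port, answer).
# All addresses come from documentation ranges.
SAMPLE = [
    ("query", 0x1A2B, "keyserver.example", "192.0.2.53", 40001, None),
    ("reply", 0x0001, "keyserver.example", "192.0.2.53", 40001, "203.0.113.66"),
    ("reply", 0x0002, "keyserver.example", "192.0.2.53", 40001, "203.0.113.66"),
    ("reply", 0x1A2B, "keyserver.example", "192.0.2.53", 40001, "198.51.100.10"),
    ("reply", 0x1A2B, "keyserver.example", "192.0.2.53", 40001, "203.0.113.66"),
    ("reply", 0x7777, "other.example", "192.0.2.53", 40002, "203.0.113.66"),
]

def audit_replies(records):
    """Return (index, finding) for every reply that no outstanding query explains."""
    pending = {}   # (qname, server, port) -> txid of the query still awaiting a reply
    accepted = {}  # (qname, server, port) -> answer taken from the first valid reply
    findings = []
    for i, (kind, txid, qname, server, port, answer) in enumerate(records):
        key = (qname, server, port)
        if kind == "query":
            pending[key] = txid
            accepted.pop(key, None)
        elif key in pending:
            if txid == pending[key]:
                accepted[key] = answer      # first reply with the right ID wins
                del pending[key]
            else:
                findings.append((i, "txid-mismatch"))
        elif key in accepted:
            same = answer == accepted[key]
            findings.append((i, "duplicate-reply" if same else "conflicting-answer"))
        else:
            findings.append((i, "unsolicited"))
    return findings

if __name__ == "__main__":
    for index, finding in audit_replies(SAMPLE):
        print(index, finding, SAMPLE[index])
```

Replies with the wrong transaction ID, a second reply carrying a different address, and replies to questions the resolver never asked are each reported separately, so an alert can distinguish a guessing burst from a lost race.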