Bugtraq mailing list archives

Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing


From: Makoto Shiotsuki <shio () st rim or jp>
Date: Wed, 18 Apr 2007 14:26:41 +0900

> The attack described just now, is that this vulnerability combined with
> the traditional "birthday" attack scenario allows another form of
> attack.  The birthday attacks in general are still possible on any DNS
> server which doesn't randomize source ports, but may be more difficult
> to conduct than this new attack. (I'm not sure, I haven't run the
> numbers.)

Thank you for the clarification, Tim.
That is exactly what I wanted to say. :)

By the way, as regards recent Bind 9, a birthday attack is much more
difficult to conduct because even if the attacker sends multiple
simultaneous recursive queries, Bind 9 aggregates these queries.

In addition, there is a patch written by Jinmei-san for Bind 9.4.0
(current release) to randomize source ports.

  http://www.jinmei.org/bind-9.4.0-portpool.patch
  http://member.wide.ad.jp/tr/wide-tr-dns-bind9-portpool-01.txt
  (technical report from WIDE project in Japanese)

Makoto Shiotsuki
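
Added example (not part of the original post, and not BIND code): a simplified probability model of the two mitigations named above, comparing a fixed source port with and without query aggregation against a randomized source port. Assumptions: pending queries carry distinct random 16-bit transaction IDs, aggregation leaves a single outstanding upstream query, and the pool of 16384 ports is a constructed value rather than the patch's actual setting.

```python
import math

TXID_SPACE = 2 ** 16  # DNS transaction IDs are 16 bits


def match_probability(outstanding, spoofed, space):
    """Chance that at least one of `spoofed` distinct guesses equals one of
    `outstanding` distinct pending identifiers drawn from `space` values."""
    if outstanding + spoofed > space:
        return 1.0  # pigeonhole: a match is certain
    small, large = sorted((outstanding, spoofed))
    # P(no match) = C(space - large, small) / C(space, small), summed in logs
    log_miss = sum(math.log1p(-large / (space - i)) for i in range(small))
    return -math.expm1(log_miss)


def replies_needed(target, outstanding, space):
    """Smallest number of spoofed replies giving match probability >= target."""
    if outstanding < 1:
        raise ValueError("need at least one outstanding query")
    lo, hi = 0, space
    while lo < hi:  # match_probability is monotone in the reply count
        mid = (lo + hi) // 2
        if match_probability(outstanding, mid, space) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


def compare(parallel_queries, spoofed, port_pool):
    """Same spoofed volume against the three resolver behaviours discussed."""
    return {
        "fixed port, no aggregation":
            match_probability(parallel_queries, spoofed, TXID_SPACE),
        "fixed port, aggregated":  # assumption: one upstream query remains
            match_probability(1, spoofed, TXID_SPACE),
        "random port, aggregated":
            match_probability(1, spoofed, TXID_SPACE * port_pool),
    }


if __name__ == "__main__":
    POOL = 16384  # constructed pool size, not taken from the patch
    for name, p in compare(300, 300, POOL).items():
        print(f"{name:28s} P(match) = {p:.6f}")
    print("replies for 50%:", replies_needed(0.5, 300, TXID_SPACE),
          "vs", replies_needed(0.5, 1, TXID_SPACE))
```

In this model, aggregation alone turns the quadratic birthday term into a linear one, and port randomization multiplies the identifier space by the pool size.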

