Dailydave mailing list archives
Re: The audacity of thinking you're not owned
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 12 Jul 2008 20:24:12 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 12 Jul 2008 21:03:53 +0200 or thereabouts Parity <pty.err () gmail com> wrote:
My totally uninformed speculation is worth way less than $0.02, but - Dan says he discovered the attack by accident. Mapping a sequence of TXID's into a rainbow table is not something one does on a whim. Moreover, if the attack you just proposed works against TXID's, then it ought to just as likely work against source ports as well.
Agreed. I don't think this is a PRNG break at all. Here's a few reasons why: * Dan claims the flaw is in the protocol and generating random TXIDs isn't enough (yeah, we all know 16 bits isn't enough entropy). * Dozens of DNS vendors have "fixed" their code on this one. A break of dozens of different PRNGs via "rainbow tables" or whatever would be _amazing_. An attack like this would likely break TCP ISN generators too. * None of the "fixes" have been to improve randomness. A nearly random TXID (by whatever magic algorithm generated it) would make any rainbow table computationaly infeasible. * We've known for a long time that it is easy to send 64k packets, one for each TXID. The trouble has always been in racing the correctly responding system to the right answer (or DoS it so that it can't respond).
For my money, if he says he discovered it by accident, then Dan means to say that he was looking at a graph of some sort at the time. pty
Dan has my interest really peaked on this one. I think Dan has discovered a way to invalidate the remotely responding system so that you can try all TXIDs and not have it be a race. I think "by accident" means that Dan discovered some way to get the victim into a state where the correctly responding server is taken completely out of the picture so that you can just flood all the TXIDs. If you have to guess port and TXID, instead of having to flood on average, 32k, you'd have to flood 2B. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkh5EvwACgkQqaGPzAsl94K+qQCgnDdDbMtoRQdrkH+eJxNlMtr8 TTYAnAuMKQbYX4gsJnogVsts3rxA8sBO =Oumc -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The audacity of thinking you're not owned Dave Aitel (Jul 12)
- Re: The audacity of thinking you're not owned Parity (Jul 12)
- Re: The audacity of thinking you're not owned Brandon Enright (Jul 12)
- Re: The audacity of thinking you're not owned Parity (Jul 12)
- Re: The audacity of thinking you're not owned Halvar Flake (Jul 13)
- Re: The audacity of thinking you're not owned Jason Ross (Jul 13)
- Re: The audacity of thinking you're not owned Thomas Pollet (Jul 14)
- Re: The audacity of thinking you're not owned Jon Oberheide (Jul 14)
- Re: The audacity of thinking you're not owned Thomas Pollet (Jul 14)
- Re: The audacity of thinking you're not owned Brandon Enright (Jul 12)
- Re: The audacity of thinking you're not owned Parity (Jul 12)