Dailydave mailing list archives
Re: The audacity of thinking you're not owned
From: "Thomas Pollet" <thomas.pollet () gmail com>
Date: Mon, 14 Jul 2008 08:21:05 +0200
Hi,

I have this theory - suppose you want to spoof a nonexistent subdomain of a site, e.g. pwned.paypal.com - you get a user on a website to repeatedly request something on that domain from within a web page - as the domain does not exist, every request will result in a DNS lookup - while the DNS request is ongoing, flood the client (and intermediate DNS in a recursive scheme) with fake responses. On average this would "cost" about 200GB (for a 100 byte fake DNS response).

Regards,

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
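
A defender's view of the flood described in the message above, as an added example that is not part of the original post: a resolver or sensor can count responses that arrive for a name but do not match the outstanding query's transaction ID and source port, and flag names that cross a threshold. The event format, the names under example.test and the threshold value are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample events (not captured traffic). Each tuple is
# (kind, qname, txid, client_port): "Q" = query sent, "R" = response received.
SAMPLE_EVENTS = (
    [("Q", "pwned.example.test", 0x1A2B, 40001)]
    # 20 responses with wrong transaction IDs while the query is outstanding
    + [("R", "pwned.example.test", txid, 40001) for txid in range(0x2000, 0x2014)]
    # the genuine answer (here it would be NXDOMAIN) finally arrives
    + [("R", "pwned.example.test", 0x1A2B, 40001)]
    # an ordinary lookup that is answered on the first response
    + [("Q", "www.example.test", 0x0042, 40002),
       ("R", "www.example.test", 0x0042, 40002)]
)


def find_spoof_floods(events, threshold=10):
    """Return {qname: mismatch_count} for names that drew at least
    `threshold` responses with a wrong txid/port or with no open query."""
    pending = {}                   # qname -> (txid, port) of the open query
    mismatches = defaultdict(int)  # qname -> responses that did not match
    for kind, qname, txid, port in events:
        if kind == "Q":
            pending[qname] = (txid, port)
        elif kind == "R":
            if pending.get(qname) == (txid, port):
                del pending[qname]      # legitimate answer closes the query
            else:
                mismatches[qname] += 1  # wrong txid/port, or unsolicited
    return {name: n for name, n in mismatches.items() if n >= threshold}


if __name__ == "__main__":
    for name, count in find_spoof_floods(SAMPLE_EVENTS).items():
        print(f"possible spoofing flood: {name} ({count} mismatched responses)")
```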