Dailydave mailing list archives
Re: DNS Guess 2 for the day
From: Lee Brotherston <lee () nerds org uk>
Date: Mon, 14 Jul 2008 13:13:54 +0100
On Sun, Jul 13, 2008 at 08:09:57PM -0700, piggly wiggly wrote:
> If you can spoof ICMP, you can prevent the recursor from communicating with the real nameserver. This will make it very very easy to spoof DNS as it removes the biggest hurdle, that of silencing the real nameservers. It only takes about 2min on a 10mbit/s connection to run through all 65536 possible sequence numbers so if you can prevent the recursor from talking to the real nameservers it really is easy as pie.
I'm afraid I disagree with you there Piggly Wiggly. If we break the possible times you can transmit this spoofed ICMP packet into two categories:

- Transmitted before the "real" response. If an ICMP host unreachable (or some other error) is transmitted before the real DNS response is sent it will probably be ignored as the error will refer to a packet which has never been sent.

- Transmitted after the "real" response. If the ICMP packet is transmitted after the response it is too late. Whilst it's true that a TCP connection can be disrupted in this way, in the case of UDP the packet has been sent and there is no additional handshaking, etc. An error cannot cause the original sender to retract the packet in some way, and so the response will make it back to the original requester.

Unless of course, I have misunderstood something, in which case, flame away :)

Thanks

Lee

--
Lee Brotherston - <lee () nerds org uk>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
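
Added example, not part of Lee's message or of any resolver's code: a simplified model of the check a receiving host makes before acting on an ICMP error, which is what the "will probably be ignored" case above relies on. Per RFC 792 the error quotes the original IP header plus the first 8 bytes of the datagram; the addresses, ports and the `outstanding` set are constructed for illustration, and checksums are not verified here.

```python
import socket
import struct

ICMP_DEST_UNREACH = 3
IPPROTO_UDP = 17

def quoted_flow(icmp: bytes):
    """Return (src, sport, dst, dport) of the UDP datagram quoted in an
    ICMP destination-unreachable message, or None if it is not one."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != ICMP_DEST_UNREACH:
        return None
    inner = icmp[8:]                      # skip type, code, checksum, unused
    ihl = (inner[0] & 0x0F) * 4           # quoted IPv4 header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    if inner[9] != IPPROTO_UDP:           # protocol field of quoted header
        return None
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (src, sport, dst, dport)

def accept_icmp_error(icmp: bytes, outstanding: set) -> bool:
    """Act on the error only if it quotes a datagram we actually sent
    and are still waiting on; anything else is dropped."""
    flow = quoted_flow(icmp)
    return flow is not None and flow in outstanding

def build_error(src, sport, dst, dport, code=1):
    """Constructed test input: ICMP type 3 quoting one UDP datagram."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + ip + udp

# Constructed scenario: the recursor has one query in flight.
QUERY = ("192.0.2.53", 40001, "198.51.100.1", 53)
outstanding = {QUERY}

matches_sent = accept_icmp_error(build_error(*QUERY), outstanding)
never_sent = accept_icmp_error(
    build_error("192.0.2.53", 40002, "198.51.100.1", 53), outstanding)

# Once the real answer has arrived the query is no longer outstanding,
# so a later error quoting it has nothing left to cancel.
outstanding.discard(QUERY)
after_response = accept_icmp_error(build_error(*QUERY), outstanding)
```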