Dailydave mailing list archives

Re: The audacity of thinking you're not owned


From: Jon Oberheide <jon () oberheide org>
Date: Mon, 14 Jul 2008 10:20:57 -0400

On Mon, 2008-07-14 at 08:21 +0200, Thomas Pollet wrote:
> - suppose you want to spoof a nonexistent subdomain of a site, e.g.
> pwned.paypal.com
> - you get a user on a website to repeatedly request something on that
> domain from within a web page
> - as the domain does not exist, every request will result in a dns lookup

Not necessarily.  DNS has all sorts of wonderfully quirky features, one
of them being negative caching [1].  So your NXDOMAIN/SERVFAIL/whatever
responses for a RR can be cached too.

> - while the dns request is ongoing, flood the client (and intermediate
> dns in a recursive scheme) with fake responses.

Even if you did succeed, all you'd be left with is pwned.paypal.com, which
might be more effective than heyipromisethisispaypal.com in your
phishing emails, but has nowhere near the impact of arbitrary RR
poisoning.

Regards,
Jon Oberheide

[1] http://www.ietf.org/rfc/rfc2308.txt

-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
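The negative-caching point Jon raises above, worked through as an added example (this code is not from the thread or from either poster): a parser for an NXDOMAIN response that applies the RFC 2308 rule, negative TTL = min(SOA TTL, SOA MINIMUM), and a toy resolver cache built on it, so you can see how many of the "repeated requests" in the quoted attack outline actually reach an upstream server. The packet is constructed by hand with struct; pwned.paypal.com, the SOA contents, the TTL values and the transaction id are illustrative assumptions, and the cache is a simplification of a real resolver (one entry per name, no lame-delegation or SERVFAIL handling).

```python
"""Added example: RFC 2308 negative caching vs. the 'every request is a new
lookup' assumption. Packet, names and TTLs below are constructed, not captured."""
import struct

QTYPE_A, QTYPE_SOA, QCLASS_IN = 1, 6, 1
RCODE_NXDOMAIN = 3


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels plus root."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_nxdomain_response(txid, qname, zone, soa_ttl, soa_minimum):
    """Constructed NXDOMAIN reply: empty answer section, one SOA in the
    authority section, zone name referenced by a compression pointer."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180 | RCODE_NXDOMAIN, 1, 0, 1, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    # qname must end in zone; the zone suffix starts this many bytes in
    zone_off = 12 + len(encode_name(qname)) - len(encode_name(zone))
    ptr = struct.pack("!H", 0xC000 | zone_off)
    mname = encode_name("ns1")[:-1] + ptr          # ns1.<zone> (assumed)
    rname = encode_name("hostmaster")[:-1] + ptr   # hostmaster.<zone> (assumed)
    rdata = mname + rname + struct.pack("!IIIII", 2008071401, 3600, 900,
                                        604800, soa_minimum)
    auth = ptr + struct.pack("!HHIH", QTYPE_SOA, QCLASS_IN, soa_ttl, len(rdata))
    return hdr + question + auth + rdata


def read_name(buf, off):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:               # compression pointer
            end = off + 2 if end is None else end
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def negative_ttl(response):
    """(qname, ttl) for an NXDOMAIN reply per RFC 2308 section 5:
    ttl = min(SOA TTL, SOA MINIMUM). None if not NXDOMAIN or no SOA."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", response[:12])
    if flags & 0x000F != RCODE_NXDOMAIN:
        return None
    qname, off = read_name(response, 12)
    off += 4                                     # qtype + qclass
    for _ in range(qd - 1 + an):                 # extra questions / answers
        _, off = read_name(response, off)
        off += 4 if qd > 1 else 0
    for _ in range(ns):
        _, off = read_name(response, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == QTYPE_SOA:
            _, rd = read_name(response, off)     # MNAME
            _, rd = read_name(response, rd)      # RNAME
            minimum = struct.unpack("!I", response[rd + 16:rd + 20])[0]
            return qname, min(ttl, minimum)
        off += rdlen
    return None


class NegativeCache:
    """Toy resolver cache: a cached NXDOMAIN answers locally, so nothing
    goes upstream (and nothing can be raced) until the negative TTL expires."""
    def __init__(self, upstream, clock):
        self.upstream, self.clock = upstream, clock  # upstream(name) -> bytes
        self.entries, self.upstream_queries = {}, 0

    def resolve(self, name):
        now = self.clock()
        if self.entries.get(name, -1) > now:
            return "NXDOMAIN (cached)"
        self.upstream_queries += 1
        parsed = negative_ttl(self.upstream(name))
        if parsed is None:
            return "other"
        self.entries[name] = now + parsed[1]
        return "NXDOMAIN"


def simulate(requests, soa_ttl=3600, soa_minimum=300):
    """Issue one lookup per second for the same nonexistent name and return
    how many of them actually reached the upstream server."""
    clock = [0.0]
    upstream = lambda n: build_nxdomain_response(0x1234, n, "paypal.com",
                                                 soa_ttl, soa_minimum)
    cache = NegativeCache(upstream, lambda: clock[0])
    for _ in range(requests):
        cache.resolve("pwned.paypal.com")
        clock[0] += 1.0
    return cache.upstream_queries


if __name__ == "__main__":
    print("1000 requests, negative TTL 300s ->", simulate(1000), "upstream queries")
```

With a 300-second negative TTL, a thousand requests for pwned.paypal.com over a thousand seconds produce four upstream lookups, not a thousand; each is one race window, which is the practical cost of the quirk Jon points at. Whether a given resolver honours the SOA MINIMUM, clamps it, or ignores negative caching entirely is a per-implementation check worth making before assuming either outcome.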
