Dailydave mailing list archives
Re: The audacity of thinking you're not owned
From: Jon Oberheide <jon () oberheide org>
Date: Mon, 14 Jul 2008 10:20:57 -0400
On Mon, 2008-07-14 at 08:21 +0200, Thomas Pollet wrote:
- suppose you want to spoof a nonexistant subdomain of a site, e.g. pwned.paypal.com - you get a user on a website to repeatedly request something on that domain from within a web page - as the domain does not exist, every request will result in a dns lookup
Not necessarily. DNS has all sorts of wonderfully quirky features, one of them being negative caching [1]. So your NXDOMAIN/SERVFAIL/whatever responses for a RR can be cached too.
- while the dns request is ongoing, flood the client (and intermediate dns in a recursive scheme) with fake responses.
Even if you did succeed, all you'd be left with pwned.paypal.com which might be more effective than heyipromisethisispaypal.com in your phishing emails, but has no where near the impact of arbitrary RR poisoning. Regards, Jon Oberheide [1] http://www.ietf.org/rfc/rfc2308.txt -- Jon Oberheide <jon () oberheide org> GnuPG Key: 1024D/F47C17FE Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The audacity of thinking you're not owned Dave Aitel (Jul 12)
- Re: The audacity of thinking you're not owned Parity (Jul 12)
- Re: The audacity of thinking you're not owned Brandon Enright (Jul 12)
- Re: The audacity of thinking you're not owned Parity (Jul 12)
- Re: The audacity of thinking you're not owned Halvar Flake (Jul 13)
- Re: The audacity of thinking you're not owned Jason Ross (Jul 13)
- Re: The audacity of thinking you're not owned Thomas Pollet (Jul 14)
- Re: The audacity of thinking you're not owned Jon Oberheide (Jul 14)
- Re: The audacity of thinking you're not owned Thomas Pollet (Jul 14)
- Re: The audacity of thinking you're not owned Brandon Enright (Jul 12)
- Re: The audacity of thinking you're not owned Parity (Jul 12)