IDS mailing list archives
Re: DNS Cache Poisoning attack
From: Michael Rash <mbr () cipherdyne org>
Date: Thu, 17 Jul 2008 21:44:53 -0400
In addition to detection, how about prevention? There is a an easy way to thwart the attack (most likely) for those DNS servers that are deployed on (or behind) either Linux or OpenBSD without patching the DNS server (which is preferrable of course, but not everyone can): http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html --Mike On Jul 17, 2008, Joel Esler wrote:
There are Shared Object rules available for the DNS Cache Poisoning attack that are VRT certified available via subscription at www.snort.org. J On Jul 16, 2008, at 10:38 PM, Ravi Chunduru wrote:Does anybody have snort or Intrupro-IPS signature(s) to detect DNS Cache Poisoning attack? Also, is there any PoC to simulate the attack and test the effectiveness of signature(s)? thanks Ravi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfwto learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- DNS Cache Poisoning attack Ravi Chunduru (Jul 17)
- Re: DNS Cache Poisoning attack Joel Esler (Jul 17)
- Re: DNS Cache Poisoning attack Michael Rash (Jul 17)
- Re: DNS Cache Poisoning attack Secure Scorp (Jul 21)
- Re: DNS Cache Poisoning attack Michael Rash (Jul 17)
- Re: DNS Cache Poisoning attack Mario A. Spinthiras (Jul 21)
- Re: DNS Cache Poisoning attack Joel Esler (Jul 17)