Full Disclosure mailing list archives
Re: DNS spoofing issue. Thoughts on
From: <Glenn.Everhart () chase com>
Date: Sun, 27 Jul 2008 14:07:03 -0400
1% per hour for each target. Lots of targets. The need for something more like ssl certs in there remains. (Also needed for bgp I suspect). By extension, some "web of trust" variation of CERTs would make much of this easier for those not interested in or able to pay for certs from commercial suppliers. -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Valdis.Kletnieks () vt edu Sent: Saturday, July 26, 2008 12:58 AM To: Paul Schmehl Cc: RandallMan; full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] DNS spoofing issue. Thoughts on On Fri, 25 Jul 2008 23:16:18 CDT, Paul Schmehl said:
Just apply the Microsoft patches and you'll be fine. The patches make the attack essentially impossible.
Paul, don't make me take you out back and smack you around. :) First off - SBC probably doesn't run Windows on the server(s) that they do the external for RandallMan's site, so the Microsoft patches are going to do squat-all for that side of the problem. And RandallMan most certainly *DOES* need to worry about SBC getting patched - that's the *biggest* threat now, is mass poisoning of an ISP's DNS servers affecting *all* their customers. Paul Vixie already pointed out that on an unpatched system, the DNS can get poisoned in about 11 seconds. And we *also* know that by iteratively trying new bogus names, the attacker can keep trying over and over till it works or they get bored. And all the current patches do is make it *harder* to hit. The attack isn't "impossible", it's more like "1% chance *per hour* that your IDS doesn't notice and stop the attempts". Big difference... ----------------------------------------- This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: DNS spoofing issue. Thoughts on imipak (Jul 26)
- Re: DNS spoofing issue. Thoughts on Paul Schmehl (Jul 26)
- Message not available
- Re: DNS spoofing issue. Thoughts on n3td3v (Jul 26)
- Re: [inbox] Re: DNS spoofing issue. Thoughts on Exibar (Jul 26)
- Re: DNS spoofing issue. Thoughts on n3td3v (Jul 26)
- <Possible follow-ups>
- Re: DNS spoofing issue. Thoughts on Paul Szabo (Jul 26)
- Re: DNS spoofing issue. Thoughts on Valdis . Kletnieks (Jul 26)
- Re: DNS spoofing issue. Thoughts on Glenn.Everhart (Jul 27)
- Re: DNS spoofing issue. Thoughts on Valdis . Kletnieks (Jul 30)
- Re: DNS spoofing issue. Thoughts on John D. Reason (Jul 27)