Exploit for the DNS cache poisoning vulnerability...

[one.miguel at gmail.com (Juan Miguel Paredes)]

Thanks HD.

I'm trying to understand this and get this to work in our lab.

In our environment, we have internet-facing DNS servers.  The only systems
allowed to query the internet-facing DNS servers are internal DNS caching
servers.  All internal users can only query the caching servers.  (sorry,
I'm not a DNS guy so my terminology is wrong, I'm sure).  Attacker can't hit
either the internet-facing DNS server or the caching servers from outside.
An attacker would need to be inside the network to begin with.  No problem
there.  However, the attacker would also be forced to target the caching
servers. Additionally:

1.  The attacker would need to know which internet-facing DNS server the
caching server is working with at the time of the attack (or spoof them
all).
2.  Instead of spoofing the authority as in the msf module, the attacker
would have to spoof the internet-facing DNS servers.

After that, unpached DNS servers are game.  I'm in the process of modifying
the .rb modules for our environment, but I thought I should ask: am I on the
right track here or am I missing something?

Thanks.

On Wed, Jul 23, 2008 at 11:20 PM, H D Moore <hdm at metasploit.com> wrote:

> Woops:
> http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20080724/cce71b72/attachment.htm>