Metasploit mailing list archives

Question about bailiwicked_host.rb


From: takuan4 at gmail.com (.)
Date: Fri, 25 Jul 2008 09:40:14 +0900

I thought that long TTLs did not provide any protection against this attack,
as the random DNS requests are not going to be cached,
and if you win the XID race you can just overwrite whatever is in bailiwick,
regardless of whether it is cached or not.
(I assume I am missing something?)

Why does this exploit need to sleep until the hostname is purged out of the
cache?

Cheers

(See http://news.cnet.com/8300-1009_3-83.html)