Re: Exploit for DNS Cache Poisoning - RELEASED

[Joe Abley <jabley () ca afilias info>]

On 23 Jul 2008, at 18:30, Joe Greco wrote:

> So, I have to assume that I'm missing some unusual aspect to this  
> attack.
> I guess I'm getting older, and that's not too shocking.  Anybody see  
> it?

Perhaps what you're missing can be found in the punchline to the  
transient post on the Matasano Security blog ("Mallory can conduct  
this attack in less than 10 seconds on fast Internet link").

Being able to divert users of a particular resolver (who thought they  
were going to paypal, or their bank, or a government web page to file  
their taxes, or, or, etc) to the place of your choosing with less than  
a minute's effort seems like cause for concern to me.

Luckily we have the SSL/CA architecture in place to protect any web  
page served over SSL. It's a good job users are not conditioned to  
click "OK" when told "the certificate for this site is invalid".


Joe