Vulnerability Development mailing list archives
Re: distributed.net and seti@home
From: scut () NB IN-BERLIN DE (Sebastian)
Date: Mon, 31 Jan 2000 13:01:39 +0100
Hi.

On Mon, Jan 31, 2000 at 05:28:59AM +0000, Bryce Walter wrote:

> In theory it's not too difficult to provide false dns info.

Yes, in theory DNS spoofing is easy, and can often be used to exploit client side vulnerabilities.

> -Identify the dns server for the target machine.

This can be a problem, but in most cases this is easy, it is just the main nameserver of that network segment, and if it is not, just take the bigger enclosing segment.

> -Issue a query to that dns server for the name you wish to provide the wrong IP address for.

Often DNS servers don't allow queries from strangers, which is good and should be the default configuration (except external queries for your domains). However there are multiple ways to circumvent this, since DNS wasn't designed for security. For example one might just find out the whole querying chain, that is all nameservers that indirectly get the query. Then just take the weakest linear-id/jizz-able/vulnerable-host nameserver out of it and poison its cache. Also there is another way you can get the DNS server you want to poison to send out a query even if it doesn't accept queries from strangers.

> -Send a spoofed dns query reply that appears to be from the upstream dns server with the false data that you want.

This is not as easy as it sounds. However there are multiple tools to accomplish this, at first the classic ADM ID-sn00f program, then there is a recode called sn00f, and there is my program, zodiac (www.packetfactory.net/zodiac/), which tries to ease and automate the whole process, however, I doubt DNS spoofing will ever be easy.
I think it is possible in some cases to insert a DNS cache entry into a DNS server manually, and you can fool all the clients that use that DNS server to contact your own server. Then you could send custom packets back to the client to overflow it, etc.
ciao,
scut / teso

--
- scut () nb in-berlin de - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet --
-- you don't need a lot of people to be great, you need a few great to be --
-- the best ------------------------------------------------------------------
http://3261000594/scut/pgp - 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
--- expecting arrival 340kg tetranitrocubane as promised, hi echelon ---------
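An added example, not part of the original post or of any tool it names: a resolver-side check in Python showing what a reply has to match before it is accepted (server address, port, transaction ID and question of an outstanding query), and how a run of wrong-ID replies for one query can be flagged. All function names, addresses, the port and the threshold are assumptions, and the sample messages are constructed.

```python
import struct

def build(txid, qname, response=False):
    """Encode a minimal DNS message: header plus one A/IN question."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    header = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse(msg):
    """Return (txid, is_response, qname); raise ValueError on malformed input."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, parts = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # compression pointers are not expected here
            raise ValueError("bad label")
        parts.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    return txid, bool(flags & 0x8000), ".".join(parts)

def check_reply(pending, src, dport, msg):
    """Compare one datagram with the outstanding query; return a verdict string."""
    try:
        txid, is_response, qname = parse(msg)
    except ValueError:
        return "malformed"
    if src != pending["server"] or dport != pending["sport"]:
        return "wrong-endpoint"
    if not is_response or qname != pending["qname"]:
        return "wrong-question"
    return "accept" if txid == pending["txid"] else "wrong-id"

def spoof_suspected(pending, datagrams, threshold=3):
    """Return (flag, verdicts); flag is True once wrong-ID replies reach threshold."""
    verdicts = [check_reply(pending, s, p, m) for s, p, m in datagrams]
    return verdicts.count("wrong-id") >= threshold, verdicts

# Constructed sample: one outstanding query and the replies seen for it.
PENDING = {"server": "192.0.2.53", "sport": 40000, "txid": 0x1A2B, "qname": "www.example.com"}
REPLIES = [("192.0.2.53", 40000, build(i, "www.example.com", True))
           for i in (0x1A28, 0x1A29, 0x1A2A, 0x1A2B)]
```

A legitimate upstream server answers a query once, so several replies for the same question that differ only in the transaction ID are worth logging even when one of them is eventually accepted.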