Vulnerability Development mailing list archives
Re: distributed.net and seti@home
From: robertw () WOJO COM (Robert Wojciechowski Jr.)
Date: Mon, 31 Jan 2000 03:33:19 -0500
----- Original Message ----- From: Bryce Walter [SMTP:brycewalter () HOTMAIL COM] Reply To: Bryce Walter [SMTP:brycewalter () HOTMAIL COM] Sent: Monday, January 31, 2000, 0:28:59 To: VULN-DEV () SECURITYFOCUS COM Subject: Re: distributed.net and seti@home In theory its not too difficult to provide false dns info. -Identify the dns server for the target machine. -Issue a query to that dns server for the name you wish to provide the wrong IP address for. -Send a spoofed dns query reply that appears to be from the upstream dns server with the false data that you want.
And with something like 30% of the name servers on the Internet vulnerable to DNS spoofing (read this somewhere, I think quickdns.com), the chances you or your upstream DNS providers having a spoofable DNS server is pretty high. Robert S. Wojciechowski Jr. robertw () wojo com
Current thread:
- Re: distributed.net and seti@home Sen_Ml Sen_Ml (Jan 30)
- Re: distributed.net and seti@home Stefan Aeschbacher (Feb 01)
- <Possible follow-ups>
- Re: distributed.net and seti@home Robert Wojciechowski Jr. (Jan 31)
- Re: distributed.net and seti@home Sebastian (Jan 31)
- Re: distributed.net and seti@home Clifford, Shawn A (Jan 31)
- Re: distributed.net and seti@home Seth R Arnold (Jan 31)
- Re: distributed.net and seti@home CyberPsychotic (Jan 31)
- Re: distributed.net and seti@home Oliver Friedrichs (Feb 01)
- Re: distributed.net and seti@home Iván Arce (Feb 02)
- Re: distributed.net and seti@home Oliver Friedrichs (Feb 01)
- Re: distributed.net and seti@home Sen_Ml Sen_Ml (Feb 01)
- Re: distributed.net and seti@home Kerneels (Feb 02)
- Re: distributed.net and seti@home Granquist, Lamont (Feb 03)
- Re: distributed.net and seti@home Sen_Ml Sen_Ml (Feb 01)