Vulnerability Development mailing list archives

Re: distributed.net and seti@home


From: atatat () ATATDOT NET (Andrew Brown)
Date: Thu, 3 Feb 2000 01:06:40 -0500


One of the things which also protects you against ID prediction (more
so than a random ID), is random source ports for each query.  I
believe that BIND does this now.  I recall someone mentioning
problems configuring their network, as BIND was no longer using
source port 53.  This causes other nightmares, but it goes a long way
to prevent spoofing.

bind 8 has several things you can do to get around this.  by default,
bind 8 uses a single port (not 53) for outbound queries (to fulfill
recursive lookups not already in the cache).  and by default bind (in
general) uses monotonically increasing query ids.

however...you can simply add

options {
        query-source address * port *;
        use-id-pool yes;
};

and you're much better off.  the use-id-pool one refers to a
precalculated set of query ids, but not a random set.  random query
ids would be very vulnerable to a birthday attack, requiring about 100
outstanding queries before there's a 50% chance that an id gets
reused.  use-id-pool uses a query id and shuffles it back into the
pool, but far from the current "surface".

--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."
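The birthday-bound comparison in the reply above, worked through numerically as an added example; this is not code from the original post or from BIND. It computes the exact probability that n outstanding queries with uniformly random 16-bit IDs share an ID, finds the n at which that probability reaches 50%, and contrasts it with a toy shuffled pool in which every ID exists exactly once and a completed ID is returned far from the "surface". The pool model is an assumption about the behaviour the post describes, not BIND's actual use-id-pool implementation.

```python
import random

ID_SPACE = 1 << 16  # DNS query IDs are 16 bits wide


def random_id_collision_probability(outstanding: int, id_space: int = ID_SPACE) -> float:
    """Exact birthday-bound probability that at least two of `outstanding`
    independently, uniformly chosen IDs coincide."""
    if outstanding > id_space:
        return 1.0
    p_all_distinct = 1.0
    for i in range(outstanding):
        p_all_distinct *= (id_space - i) / id_space
    return 1.0 - p_all_distinct


def outstanding_for_probability(target: float, id_space: int = ID_SPACE) -> int:
    """Smallest number of outstanding queries at which the collision
    probability for random IDs reaches `target`."""
    p_all_distinct = 1.0
    n = 0
    while 1.0 - p_all_distinct < target:
        p_all_distinct *= (id_space - n) / id_space
        n += 1
    return n


class ShuffledIdPool:
    """Toy model (assumption, not BIND's code) of a precalculated pool:
    each ID is present exactly once, IDs are handed out from the end of
    the list (the "surface"), and a completed ID is pushed back deep into
    the pool so it cannot resurface for a long time."""

    def __init__(self, id_space: int = ID_SPACE, seed: int = 0):
        self._rng = random.Random(seed)
        self._pool = list(range(id_space))
        self._rng.shuffle(self._pool)

    def take(self) -> int:
        return self._pool.pop()

    def release(self, qid: int) -> None:
        # Append the finished ID, then swap it with a slot in the deep
        # half of the pool; the deep ID it displaces becomes the new surface.
        self._pool.append(qid)
        deep = self._rng.randrange(0, len(self._pool) // 2)
        self._pool[-1], self._pool[deep] = self._pool[deep], self._pool[-1]


def simulate_pool_collisions(outstanding: int, rounds: int = 200, seed: int = 0) -> int:
    """Run `rounds` batches of `outstanding` simultaneous queries through the
    pool and return how many batches contained a repeated ID (always 0,
    because an ID is only ever in the pool once)."""
    pool = ShuffledIdPool(seed=seed)
    collided = 0
    for _ in range(rounds):
        batch = [pool.take() for _ in range(outstanding)]
        if len(set(batch)) != len(batch):
            collided += 1
        for qid in batch:
            pool.release(qid)
    return collided


if __name__ == "__main__":
    for n in (50, 100, 200, 300):
        print(f"random IDs, {n:3d} outstanding: "
              f"P(collision) = {random_id_collision_probability(n):.4f}")
    half = outstanding_for_probability(0.5)
    print(f"random IDs reach 50% collision probability at {half} outstanding")
    print(f"shuffled pool, {half} outstanding, 200 rounds: "
          f"{simulate_pool_collisions(half)} batches with a repeated ID")
```

The random-ID figures are the exact product form of the birthday bound rather than the usual approximation, so they are what an attacker who can observe a resolver's outstanding queries actually faces; the pool run shows why drawing without replacement removes in-flight collisions entirely, at the cost of the ID sequence being predictable to anyone who learns the pool state.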
