Re: distributed.net and seti@home

[brycewalter () HOTMAIL COM (Bryce Walter)]

In theory its not too difficult to provide false dns info.
-Identify the dns server for the target machine.
-Issue a query to that dns server for the name you wish to provide    the
wrong IP address for.
-Send a spoofed dns query reply that appears to be from the upstream dns
server with the false data that you want.

> If the clients contact the server, the only way to exploit the clients is
> to
> make the client contact your own server I suppose.
>
> This could be done via changing DNS records manually on a upstream DNS
> server, a hacked client, an entry in the hosts file, etc.  The all require
> pretty much elevated access to the network (admin status) or the computer,
> in which case you don't have to use the distributed clients to hack into
> the
> machine.
>
> I think it is possible in some cases to insert a DNS cache entry into a DNS
> server manually, and you can fool all the clients that use that DNS server
> to contact your own server.  Then you could send custom packets back to the
> client to overflow it, etc.
>
> That's about all I can think about right now.  It's the weekend, and I am
> going to be lazy ;)
>
> - Robert
>
> > ----- Original Message -----
> > From:       Seth R Arnold [SMTP:sarnold () willamette edu]
> > Sent:       Saturday, January 29, 2000, 5:14:58
> > To: Robert Wojciechowski Jr.
> > Cc: 'VULN-DEV () SECURITYFOCUS COM'
> > Subject:    Re: distributed.net and seti@home
> >
> > Robert, (and list :) -- with distributed.net and seti@home, I am not so
> > concerned with open ports -- the client goes to the trouble of
> downloading
> > input data all on its own, so an open port would be superfluous. (sp?)
> >
> > I am thinking more along the lines of a buffer overflow, or
> > "u17r4-s3cr3t-31337-b@ckd00r", or something like that.
> >
> > My personal guess is both distributed.net and seti@home are secure
> enough
> > for most everyone's purposes. But, that is a guess, and I haven't seen
> > anyone try to see if there is a way to get either of them to execute
> code
> > through malformed (or perfectly-formed :) data downloads. It would make
> me
> > feel a lot better if someone out there (whitehat :) would take the
> trouble
> > to try to find holes to be exploited -- because I know of a LOT of
> machines
> > that could be compromised in extremely vulnerable positions -- all with
> the
> > blessings of system administrators trying to be politically active or
> just
> > hoping to find aliens. :)
> >
> > Wouldn't it be annoying to wake up one day to find your whole
> organization
> > has been 0wned as a result of running rc5 from distributed.net?
> >
> > I am not saying it would be easy, or even practical, but it might be
> worth
> > checking into. :)
>
> Robert S. Wojciechowski Jr.
> robertw () wojo com

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com