[kwlug disc.] DNS security threat
Rashkae
rashkae at tigershaunt.com
Fri Aug 1 11:04:19 EDT 2008
john at netdirect.ca wrote:
>
> Isn't one of the attack vectors where an attacker would "trick" your name
> server into resolving a name for it. Say by sending an email with a URL
> reference, or phish someone to a web site with a remote image, or any
> other way? Then the attacker tries to send back poisoning responses from
> its DNS server? It would have a small chance of working but if an
> attacker does that to say 65,000 systems one could be a hit. Replicate
> that over and over to a base of a million systems and it could find enough
> success to justify the attack.

Not *nearly* so easy. The attacker has to know when the DNS server
makes the request to send a spoofed response at the right time. And
still has to brute force the 16-bit TLID. The only way this attack
works is by repeating the attack as often as necessary. You would need
to execute a program from your e-mail attachment that would then attack
your DNS server. Just putting an embedded image with a fake domain name
won't nearly cut it.