[kwlug disc.] DNS security threat
john at netdirect.ca
john at netdirect.ca
Fri Aug 1 11:20:16 EDT 2008
kwlug-disc-bounces at kwlug.org wrote on 08/01/2008 10:04:19 AM:
> Not *nearly* so easy. The attacker has to know when the DNS server
> makes the request to send a spoofed response at the right time. And
> still has to brute force the 16-bit TLID. the only way this attack
> works is by repeating the attack as often as necessary.. You would need
> to execute a program from your e-mail attachment that would then attack
> your DNS server. Just putting an embedded image with a fake domain name
> won't nearly cut it.
It won't know accurately, but it has to be close. Presenting a user with
an email with two images, one from the attacker site and one from
google.com would give the attacker an idea that the DNS server that just
asked it a question may just be about to send a request for google.com.
The other reason why this works is that it can be run continuously with a
very low success rate. Think in terms of 1 million dns servers. You don't
have to be accurate very often to poison enough to make some money.
There is speculation that the scale needed for this attack could result in
a DDoS in the attacker's DNS server or phishing site. It would have to
handle so many responses if it were too successful.-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserv.ccjclearline.com/pipermail/kwlug-disc/attachments/20080801/31350f4d/attachment.htm
More information about the KWLUG-Disc
mailing list