[kwlug disc.] DNS security threat
Rashkae
rashkae at tigershaunt.com
Fri Aug 1 11:43:25 EDT 2008
john at netdirect.ca wrote:
>
> It won't know accurately, but it has to be close. Presenting a user with
> an email with two images, one from the attacker site and one from
> google.com would give the attacker an idea that the DNS server that just
> asked it a question may just be about to send a request for google.com.
Ok, that would work,, albeit, with a very very poor chance of success.
Remember that the spoof answer has to return to the victim DNS server
before google's reponse.. that will be hard for an attacking system to
do, because the attacker would be sending millions of spoofed reponses
all over the net.
All in all, I'll take my chances. By no means do I wish to discourage
people from patching DNS, but I remain convinced that the real threat is
ISP's with large DNS recursive servers that serve recursively to anyone
who asks, and are sitting right there waiting for an attacker to poison
their cache.
More information about the KWLUG-Disc
mailing list