[kwlug disc.] DNS security threat

Rashkae rashkae at tigershaunt.com
Fri Aug 1 12:20:57 EDT 2008


john at netdirect.ca wrote:
> kwlug-disc-bounces at kwlug.org wrote on 08/01/2008 10:43:25 AM:
> 
>> Ok, that would work, albeit, with a very very poor chance of success.
>> Remember that the spoof answer has to return to the victim DNS server
>> before google's response.. that will be hard for an attacking system to
>> do, because the attacker would be sending millions of spoofed responses
>> all over the net.
> 
> This is a difficult exploit to take advantage of. It's a lot of work and 
> it relies on one or more things going wrong *after* the compromise in 
> order to take advantage of it.
> 
> This exploit has been blown out of proportion because of the reaction to 
> how Kaminsky (the discoverer) handled this. It caused quite a stir just 
> before the Black Hat security conference and there were claims that he was 
> manipulating things to boost his exposure at the conference. It resulted 
> in a lot of press.
> 

No no, you don't understand.. what you described is the classic cache
poisoning technique.

Kaminsky did something new, he figured out how to launch the attack
repeatedly..

Contrary to what was said earlier, the vast majority of large DNS
servers are publicly recursive.  (either to the ISP's subscribers, or
even the world at large.) Prior to the patch, Kaminsky's exploit could
poison and hijack entire domains in seconds, and indeed, there's an
exploit in the wild that does this... Publicly accessible, unpatched DNS
servers are now as good as 'P0wned,' I believe is how the kids say it now.
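The disagreement above is really about arithmetic: a single blind race against a 16-bit transaction ID is a long shot, but an attacker who can force the resolver into a fresh race over and over (the repeatability Rashkae is pointing at) turns many long shots into a near certainty, and the only thing that restores the odds is more entropy per answer. The following is an added example, not code from this thread or from any DNS implementation, that models that risk with a simple textbook formula. It assumes distinct forged guesses per race, treats source-port randomization (the mitigation shipped in the 2008 patches) as roughly 16 extra bits of entropy, and ignores whether the forged reply actually beats the real one in time, so it is an upper bound on attacker success, not a measurement.

```python
"""Risk model for blind DNS cache-poisoning races (added example, not from the thread)."""
from math import ceil, log

# Entropy a pre-patch resolver checked on an answer: the 16-bit transaction ID.
TXID_BITS = 16
# Assumed extra entropy from source-port randomization (real resolvers get a bit
# less because some port ranges are unusable; this is an illustrative value).
PORT_BITS = 16


def per_race_success(guesses: int, entropy_bits: int) -> float:
    """Probability that one race succeeds when the attacker gets `guesses`
    distinct forged replies to the resolver before the genuine reply arrives."""
    if guesses <= 0:
        return 0.0
    space = 2 ** entropy_bits
    return min(guesses, space) / space


def cumulative_success(guesses: int, entropy_bits: int, races: int) -> float:
    """Probability of at least one win across `races` independent races
    (the "launch it repeatedly" effect discussed above)."""
    p = per_race_success(guesses, entropy_bits)
    return 1.0 - (1.0 - p) ** races


def races_needed(guesses: int, entropy_bits: int, target: float = 0.5) -> float:
    """Number of races required to reach a `target` cumulative success
    probability; float('inf') if a win is impossible under the model."""
    p = per_race_success(guesses, entropy_bits)
    if p <= 0.0:
        return float("inf")
    if p >= 1.0:
        return 1
    return ceil(log(1.0 - target) / log(1.0 - p))


if __name__ == "__main__":
    guesses, races = 100, 1000  # constructed scenario: 100 forged replies per race, 1000 races
    for label, bits in (("TXID only", TXID_BITS), ("TXID + random port", TXID_BITS + PORT_BITS)):
        print(f"{label:>20}: one race {per_race_success(guesses, bits):.2e}, "
              f"{races} races {cumulative_success(guesses, bits, races):.3f}, "
              f"races to 50%: {races_needed(guesses, bits)}")
```

Running the scenario in `__main__` shows why both posters are right in part: with only the transaction ID to guess, a thousand repeated races gets the attacker to well over 75% cumulative success, whereas adding a randomized source port drops the same effort to a fraction of a percent. The practical check for an operator is therefore not "is one race likely" but "does my resolver add port entropy, and does it answer recursive queries for people who can force it into races at all".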


More information about the KWLUG-Disc mailing list