[kwlug disc.] DNS security threat

Chris Frey cdfrey at foursquare.net
Fri Aug 1 17:23:31 EDT 2008


On Fri, Aug 01, 2008 at 10:00:47AM -0400, Rashkae wrote:
> Here's how the attack works.  Let's suppose I want to poison a DNS
> cache so any request for www.google.com will instead go to a malware phony.

[...]

> What's new with this 'attack' is, when I send my spoof, not only do I
> have an A record for something useless like aaaa.google.com, but it
> turns out, thanks to DNS design, I can include any *other* google.com
> record, and it will overwrite cache.

[...]

> As far as the patch goes, as far as I can tell, it only makes the DNS
> server randomize the IP port it uses to make the initial connection.

Maybe I'm missing something, but wouldn't the correct fix for this be
for the DNS server to only cache data that it specifically asked for?

What side effects to such a fix am I missing?

- Chris
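
An added illustration (not part of the original thread, and not code from any DNS server): the two caching rules discussed above, applied to a constructed forged reply and a constructed genuine referral. The record layout, function names and addresses are assumptions made for the example.

```python
# Added example; every record and address below is constructed.
from typing import NamedTuple

class RR(NamedTuple):
    section: str  # "answer", "authority" or "additional"
    name: str
    rtype: str
    data: str

def in_bailiwick(name, zone):
    """True if name is the zone itself or a subdomain of it (compared label by label)."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def accept_in_zone(qname, qtype, zone, rrs):
    """Permissive rule: cache any record whose owner is under the queried zone."""
    return [r for r in rrs if in_bailiwick(r.name, zone)]

def accept_asked_only(qname, qtype, zone, rrs):
    """Strict rule: cache only answer records that match the question."""
    return [r for r in rrs
            if r.section == "answer"
            and r.name.lower() == qname.lower() and r.rtype == qtype]

# Constructed forged reply to the query "aaaa.google.com A".
SPOOFED = [
    RR("answer", "aaaa.google.com", "A", "192.0.2.1"),
    RR("additional", "www.google.com", "A", "192.0.2.66"),
]
# Constructed genuine referral from a "com" server for "www.example.com A".
REFERRAL = [
    RR("authority", "example.com", "NS", "ns1.example.com"),
    RR("additional", "ns1.example.com", "A", "198.51.100.53"),
]

if __name__ == "__main__":
    cases = [("spoofed", "aaaa.google.com", "google.com", SPOOFED),
             ("referral", "www.example.com", "com", REFERRAL)]
    for label, qname, zone, rrs in cases:
        for policy in (accept_in_zone, accept_asked_only):
            kept = [f"{r.name} {r.rtype}" for r in policy(qname, "A", zone, rrs)]
            print(f"{label:9} {policy.__name__:18} caches {kept}")
```

Under the strict rule the forged www.google.com record is dropped, but so are the delegation and glue records of the genuine referral, which a resolver could then use for the current lookup only.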


