Exploit for DNS Cache Poisoning - RELEASED
Robert D. Scott
robert at ufl.edu
Wed Jul 23 17:51:22 CDT 2008
Actually you are not missing anything. It is a brute force attack. I think
you had the right concept when you indicated that "networks and hardware
may be fast enough". It is not maybe, it is; and every script kiddie on your
block has the power in his/her bedroom. Then you add the college crowd
sitting on 10Gig pipes to the Internet and the threat is real. But other
than just muck things up, where is the motivation for a poisoning?
Robert D. Scott Robert at ufl.edu
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Receptionist
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611 321-663-0421 Cell

From: Joe Greco [mailto:jgreco at ns.sol.net]
Sent: Wednesday, July 23, 2008 6:31 PM
To: Robert D. Scott
Cc: nanog at merit.edu
Subject: Re: Exploit for DNS Cache Poisoning - RELEASED

> Now, there is an exploit for it.

Maybe I'm missing it, but this looks like a fairly standard DNS exploit.
Keep asking questions and sending fake answers until one gets lucky.
It certainly matches closely with my memory of discussions of the
weaknesses in the DNS protocol from the '90s, with the primary difference
being that now networks and hardware may be fast enough to make the
flooding (significantly) more effective. I have to assume that one other
standard minor enhancement has been omitted (or at least not explicitly
mentioned), and will refrain from mentioning it for now.
So, I have to assume that I'm missing some unusual aspect to this attack.
I guess I'm getting older, and that's not too shocking. Anybody see it?
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then
won't contact you again." - Direct Marketing Ass'n position on e-mail
With 24 million small businesses in the US alone, that's way too many