Exploit for DNS Cache Poisoning - RELEASED
Joe Abley
jabley at ca.afilias.info
Thu Jul 24 01:17:18 UTC 2008
On 23 Jul 2008, at 18:30, Joe Greco wrote:
> So, I have to assume that I'm missing some unusual aspect to this
> attack.
> I guess I'm getting older, and that's not too shocking. Anybody see
> it?
Perhaps what you're missing can be found in the punchline to the
transient post on the Matasano Security blog ("Mallory can conduct
this attack in less than 10 seconds on fast Internet link").
Being able to divert users of a particular resolver (who thought they
were going to paypal, or their bank, or a government web page to file
their taxes, or, or, etc) to the place of your choosing with less than
a minute's effort seems like cause for concern to me.
Luckily we have the SSL/CA architecture in place to protect any web
page served over SSL. It's a good job users are not conditioned to
click "OK" when told "the certificate for this site is invalid".
Joe
More information about the NANOG
mailing list