North American Network Operators Group
Re: how to protect name servers against cache corruption
> crude. He just put some bogus NS records into his alternic.net zone so
> that queries for www.alternic.net would pick up those bogus servers
> and their associated A records. His "sophisticated hack" consisted of

This is true, and it is essentially the textbook/cookbook version of the "poisoned resource-record" attack that was outlined by Johannes Erdfelt a few months ago on Bugtraq.

What I am asserting to you is that there are variants on this attack which are not currently fixed by BIND 8.1.1. On a related note, there are things that can be done to strengthen DNS implementations (such as BIND) against these attacks that do not involve DNSSEC.

So, again, I think you are either in error or we're not in understanding on the meaning of the word "variant". Perhaps, by the word "variant", you refer solely to attacks that involve modifications to a shell script, and my reference to attacks that involve programming ability cease to be classified as "variants" of the attack. So, I'd like to convey the fact that, by using the word "variant", I refer to attacks that operate at a protocol level in a manner resembling the attack performed by Mr. Kashpureff.

Thanks for providing me with an opportunity to clarify this.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [email@example.com]
----------------
"If you're so special, why aren't you dead?"
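
The case described in the quoted text (bogus NS records whose associated A records end up in a cache) is what a resolver-side bailiwick check screens for. The following is an added illustration, not code from this post or from BIND; the record tuples, the names under `.example` and `.test`, and the function names are constructed for the example.

```python
# Added example: bailiwick filtering of a DNS response before caching.
# Records are constructed (owner, type, rdata) tuples, not parsed wire data.

def normalize(name):
    """Lower-case a domain name and strip the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a label-aligned subdomain of it."""
    owner, zone = normalize(owner), normalize(zone)
    if zone == "":  # the root zone contains every name
        return True
    return owner == zone or owner.endswith("." + zone)

def filter_response(zone, response):
    """Split a response into cacheable and rejected records.

    zone: the zone the queried server is being asked about as an authority.
    response: dict with 'answer', 'authority' and 'additional' record lists.
    Returns (accepted, rejected), each a list of (section, record) pairs.
    """
    accepted, rejected = [], []
    for section in ("answer", "authority", "additional"):
        for rec in response.get(section, []):
            target = accepted if in_bailiwick(rec[0], zone) else rejected
            target.append((section, rec))
    return accepted, rejected

# Constructed response to a query for www.attacker.example: the zone's NS
# record names a server outside the zone, and the additional section
# carries an A record for that outside name.
SAMPLE = {
    "answer": [("www.attacker.example", "A", "192.0.2.10")],
    "authority": [("attacker.example", "NS", "www.victim.test")],
    "additional": [
        ("www.victim.test", "A", "192.0.2.66"),       # out of bailiwick
        ("ns1.attacker.example", "A", "192.0.2.53"),  # in bailiwick
    ],
}

if __name__ == "__main__":
    ok, dropped = filter_response("attacker.example", SAMPLE)
    for section, rec in dropped:
        print("not cached:", section, rec)
```

The NS record itself is kept because its owner name is inside the queried zone; only the A record for the outside name is withheld from the cache.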