Bugtraq mailing list archives
Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 18 Apr 2007 07:41:18 -0400
Hello Makoto,
Thank you for the clarification, Tim. That is exactly what I wanted to say. :) By the way, as regards recent Bind 9, birthday attack is much more difficult to conduct because even if the attacker sends multiple simultaneous recursive queries, Bind 9 aggregates these queries.
Aggregating queries would definitely help if you assume the attacker can make recursive queries. However, it was my understanding (which could be completely wrong) that BIND 9 reuses sockets for multiple queries, unlike previous versions, and this makes spoofed attacks easier in another respect. (Of course this all has nothing to do with the Windows-specific flaw.)
In addition, there is a patch written by Jinmei-san for Bind 9.4.0 (current release) to randomize source ports. http://www.jinmei.org/bind-9.4.0-portpool.patch http://member.wide.ad.jp/tr/wide-tr-dns-bind9-portpool-01.txt (technical report from WIDE project in Japanese)
That's good, that at least someone is trying to do this in BIND. thanks for the info, tim
Current thread:
- Windows DNS Cache Poisoning by Forwarder DNS Spoofing Makoto Shiotsuki (Apr 16)
- RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes (Apr 17)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim (Apr 17)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Makoto Shiotsuki (Apr 18)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim (Apr 18)
- RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes (Apr 18)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim (Apr 18)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Tim (Apr 17)
- RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes (Apr 17)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Makoto Shiotsuki (Apr 17)
- RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes (Apr 17)
- Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing 3APA3A (Apr 17)
- RE: Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Roger A. Grimes (Apr 18)
- RE: Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Oliver Friedrichs (Apr 19)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Bojan Zdrnja (Apr 18)
- Re: Windows DNS Cache Poisoning by Forwarder DNS Spoofing Matthew Dixon Cowles (Apr 18)