Dailydave mailing list archives
Re: DNS Speculation
From: "Tyler Krpata" <krpatasec () gmail com>
Date: Tue, 22 Jul 2008 13:54:29 -0400
I've been trying to understand the attack, but I am not sure that I really get it. It looks like the only way it would work is if the DNS resolvers accept records they didn't ask for. Do they? If they do, why?
They do, for "in-bailiwick" records. http://homepages.tesco.net/J.deBoynePollard/FGA/dns-server-bailiwick.html http://cr.yp.to/djbdns/notes.html#gluelessness http://www.faqs.org/rfcs/rfc1034.html So the idea is that you are providing a correct, in-bailiwick response, and you don't have to worry about beating the legit response for the record you're trying to spoof into cache, since your spoofed glue record is never seen until the spoofing attempt is successful. The innovative thing about this attack, as far as I can see, is that you don't have to actually care about successfully spoofing the Answer section for any particular response. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: DNS Speculation, (continued)
- Re: DNS Speculation Parity (Jul 22)
- Re: DNS Speculation Tetrapodal Giant (Jul 22)
- Re: DNS Speculation Blue Boar (Jul 23)
- Re: DNS Speculation Parity (Jul 22)
- Re: DNS Speculation Alexander Sotirov (Jul 22)
- Re: DNS Speculation natron (Jul 22)
- Re: DNS Speculation Dominique Brezinski (Jul 22)
- Message not available
- Re: DNS Speculation Dominique Brezinski (Jul 22)
- Re: DNS Speculation Petja van der Lek (Jul 22)
- Re: DNS Speculation Tyler Krpata (Jul 23)
- Re: DNS Speculation Alexander Sotirov (Jul 22)
- Re: DNS Speculation ninjaboy (Jul 23)
- Re: DNS Speculation Cedric Blancher (Jul 24)
- Re: DNS Speculation marc_bevand (Jul 25)
- Re: DNS Speculation Bryan Burns (Jul 25)
- Message not available
- Re: DNS Speculation marc_bevand (Jul 28)
- Re: DNS Speculation natron (Jul 22)