Dailydave mailing list archives
Re: DNS Speculation
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Wed, 23 Jul 2008 13:22:45 +0200
On Tuesday, 22 July 2008 at 02:42 -0700, Alexander Sotirov wrote:
> Spoofing an A record: Right before step 7, the attacker sends a spoofed response from ns.google.com that includes an A record for www.google.com and points it to 1.2.3.4 (which is an attacker controlled name server). If the attacker does not win the race, they just try again with 1235.google.com and so on.
And, what about spoofing 1234.google.com as described everywhere and adding an Authority RR stating that the NS record for google.com is ns.malicious.net, and an Additional one giving the A record for ns.malicious.net?

According to RFC 2181, section 5.4.1, authority data from an authoritative answer have a better priority than the ones from a non-authoritative one. When ns.isp.com is getting the NS record from .com (step 5), it is done through a non-authoritative answer. Therefore, our successful spoofed answer should update the google.com NS record(s) in the ns.isp.com cache.

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
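
The cache-ranking argument in the message above, as an added example that is not part of the original post: a simplified Python model of the RFC 2181 section 5.4.1 credibility levels that also records every NS RRset replacement, so a delegation change is visible in the resolver's audit log. The class and function names are hypothetical, the rank table is a subset of the RFC's list, and the record sequence is constructed from the host names used in the thread.

```python
from enum import IntEnum

class Rank(IntEnum):
    """Simplified subset of the RFC 2181 section 5.4.1 levels; higher wins."""
    REFERRAL_OR_ADDITIONAL = 1  # authority section with AA clear, additional data
    NONAUTH_ANSWER = 2          # answer section, AA bit clear
    AUTH_AUTHORITY = 3          # authority section, AA bit set
    AUTH_ANSWER = 4             # answer section, AA bit set

def rank_of(section, aa):
    if section == "answer":
        return Rank.AUTH_ANSWER if aa else Rank.NONAUTH_ANSWER
    if section == "authority" and aa:
        return Rank.AUTH_AUTHORITY
    return Rank.REFERRAL_OR_ADDITIONAL

def norm(name):
    return name.lower().rstrip(".")

class Cache:
    def __init__(self):
        self.rrsets = {}   # (owner, type) -> (rank, frozenset of rdata)
        self.alerts = []   # NS RRset replacements, for the resolver's audit log

    def store(self, owner, rtype, rdata, section, aa):
        key = (norm(owner), rtype)
        rank, new = rank_of(section, aa), frozenset(norm(r) for r in rdata)
        old = self.rrsets.get(key)
        if old and rank < old[0]:
            return False   # less credible data never replaces cached data
        if old and rtype == "NS" and new != old[1]:
            self.alerts.append((key[0], sorted(old[1]), sorted(new), rank.name))
        self.rrsets[key] = (rank, new)
        return True

def demo():
    """Constructed sequence using the host names from the message above."""
    cache = Cache()
    # Step 5 of the thread: referral from .com, AA bit clear.
    cache.store("google.com", "NS", ["ns.google.com"], "authority", aa=False)
    # A response with the AA bit set whose authority section names another server.
    replaced = cache.store("google.com", "NS", ["ns.malicious.net"], "authority", aa=True)
    # A fresh referral from the parent zone is now outranked and rejected.
    reverted = cache.store("google.com", "NS", ["ns.google.com"], "authority", aa=False)
    return cache, replaced, reverted
```

The single entry in `alerts` is the signal worth shipping to monitoring: an NS RRset for a zone changed to a disjoint set of servers, and a later referral from the parent could not restore it.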