Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion)

From: coderman <coderman () gmail com>
Date: Sun, 13 Jul 2008 18:04:12 -0700
On Sun, Jul 13, 2008 at 5:26 PM, eugaaa () gmail com <eugaaa () gmail com> wrote:

What you wrote...


please note that is not my post on that site; i merely link to it.  thanks.



Why flood with dest unreachables when your goal is to answer before
the nameserver?


if the nameserver is "down", you no longer need to race against it.



Meaning it is a remote timing based attack...


sure.  the bigger question is how large the temporal window of
opportunity.  if you have a large window, practical attacks become
widely possible.  a small niche and you're dealing with mostly
theoretical impact.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: