[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Exploit for DNS Cache Poisoning - RELEASED

Subject: Exploit for DNS Cache Poisoning - RELEASED
From: mike at rockynet.com (Mike Lewinski)
Date: Wed, 23 Jul 2008 16:58:43 -0600
In-reply-to: <[email protected]>
References: <[email protected]>

Joe Greco wrote:

> So, I have to assume that I'm missing some unusual aspect to this attack.
> I guess I'm getting older, and that's not too shocking.  Anybody see it?

AFAIK, the main novelty is the ease with which bogus NS records can be 
inserted. It may be hard to get a specific A record 
(www.victimsbank.com) cached, but if you can shim in the NS records of 
your ns.poisoner.com authority, then getting the real target A record is 
trivial since you'll be asked directly for it (and can wait for the 
legit clients to ask for it for you).

Mike

References:
- Exploit for DNS Cache Poisoning - RELEASED
  - From: jgreco at ns.sol.net (Joe Greco)

Prev by Date: Exploit for DNS Cache Poisoning - RELEASED
Next by Date: Exploit for DNS Cache Poisoning - RELEASED
Previous by thread: Exploit for DNS Cache Poisoning - RELEASED
Next by thread: Exploit for DNS Cache Poisoning - RELEASED
Index(es):
- Date
- Thread