[106149] in North American Network Operators' Group

Re: Exploit for DNS Cache Poisoning - RELEASED

daemon@ATHENA.MIT.EDU (Mike Lewinski)
Wed Jul 23 18:59:08 2008

Date: Wed, 23 Jul 2008 16:58:43 -0600
From: Mike Lewinski <mike@rockynet.com>
To: nanog@merit.edu
In-Reply-To: <200807232230.m6NMUehk023713@aurora.sol.net>
Errors-To: nanog-bounces@nanog.org

Joe Greco wrote:

> So, I have to assume that I'm missing some unusual aspect to this attack.
> I guess I'm getting older, and that's not too shocking.  Anybody see it?

AFAIK, the main novelty is the ease with which bogus NS records can be 
inserted. It may be hard to get a specific A record 
(www.victimsbank.com) cached, but if you can shim in the NS records of 
your ns.poisoner.com authority, then getting the real target A record is 
trivial since you'll be asked directly for it (and can wait for the 
legit clients to ask for it for you).

Mike
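
Added example (not part of the original message): a defender-side audit of a resolver cache for the condition described above, where a zone's cached NS set contains a server outside the known delegation, so every address record under that zone is suspect. The zone-file style dump format, the baseline table, and all sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in zone-file style (owner TTL type rdata); the format is
# an assumption, not any particular resolver's dump output.
SAMPLE_CACHE = """\
victimsbank.com.      86400 NS ns.poisoner.com.
www.victimsbank.com.  300   A  203.0.113.66
example.org.          86400 NS ns1.example.org.
example.org.          86400 NS ns2.example.org.
www.example.org.      300   A  192.0.2.10
"""

# Assumed known-good delegations, e.g. recorded earlier from the parent zone.
BASELINE = {
    "victimsbank.com.": {"ns1.victimsbank.com.", "ns2.victimsbank.com."},
    "example.org.": {"ns1.example.org.", "ns2.example.org."},
}

def parse_cache(text):
    """Return (ns_by_zone, address_owners) from zone-file style lines."""
    ns_by_zone, addr_owners = defaultdict(set), []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith(";"):
            continue  # skip blanks, comments and short lines
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3].lower()
        if rtype == "NS":
            ns_by_zone[owner].add(rdata)
        elif rtype in ("A", "AAAA"):
            addr_owners.append(owner)
    return ns_by_zone, addr_owners

def audit(text, baseline):
    """Flag zones whose cached NS set has servers outside the baseline and
    list cached address records at or below each flagged zone."""
    ns_by_zone, addr_owners = parse_cache(text)
    findings = {}
    for zone, cached in ns_by_zone.items():
        # Zones with no baseline entry are not judged (nothing to compare).
        unexpected = cached - baseline.get(zone, cached)
        if unexpected:
            tainted = [o for o in addr_owners if o == zone or o.endswith("." + zone)]
            findings[zone] = {"unexpected_ns": sorted(unexpected),
                              "suspect_names": sorted(tainted)}
    return findings

if __name__ == "__main__":
    for zone, info in audit(SAMPLE_CACHE, BASELINE).items():
        print(zone, info)
```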

