[106150] in North American Network Operators' Group


Re: Exploit for DNS Cache Poisoning - RELEASED

daemon@ATHENA.MIT.EDU (David Conrad)
Wed Jul 23 19:00:53 2008

From: David Conrad <drc@virtualized.org>
To: "Robert D. Scott" <robert@ufl.edu>
In-Reply-To: <002e01c8ed16$a1891c40$e49b54c0$@edu>
Date: Wed, 23 Jul 2008 16:00:39 -0700
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org

Hi,

On Jul 23, 2008, at 3:51 PM, Robert D. Scott wrote:
> Actually you are not missing anything. It is a brute force attack.

I haven't looked at the exploit code, but the vulnerability Kaminsky
found is a bit more than a brute force attack. As has been pointed out
in various venues, it takes advantage of a couple of flaws in the DNS
architecture. No, not simply the fact that the QID space is only 16
bits. That's part of it, but there is more. Really. I'm sure you can
find the 'leaked' Matasano Chargen description of the attack on the
net somewhere.

> But other than just muck things up where is the motivation for a  
> poisoning?

Man-in-the-middle attacks directed at ISPs serving end users who want
to (say) get to their banks?

Regards,
-drc
