[106153] in North American Network Operators' Group
Re: Exploit for DNS Cache Poisoning - RELEASED
daemon@ATHENA.MIT.EDU (Joe Abley)
Wed Jul 23 21:17:35 2008
From: Joe Abley <jabley@ca.afilias.info>
To: Joe Greco <jgreco@ns.sol.net>
In-Reply-To: <200807232230.m6NMUehk023713@aurora.sol.net>
Date: Wed, 23 Jul 2008 21:17:18 -0400
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On 23 Jul 2008, at 18:30, Joe Greco wrote:
> So, I have to assume that I'm missing some unusual aspect to this
> attack.
> I guess I'm getting older, and that's not too shocking. Anybody see
> it?
Perhaps what you're missing can be found in the punchline to the
transient post on the Matasano Security blog ("Mallory can conduct
this attack in less than 10 seconds on fast Internet link").
Being able to divert users of a particular resolver (who thought they
were going to paypal, or their bank, or a government web page to file
their taxes, or, or, etc) to the place of your choosing with less than
a minute's effort seems like cause for concern to me.
Luckily we have the SSL/CA architecture in place to protect any web
page served over SSL. It's a good job users are not conditioned to
click "OK" when told "the certificate for this site is invalid".
Joe
