[106265] in North American Network Operators' Group


Re: Exploit for DNS Cache Poisoning - RELEASED

daemon@ATHENA.MIT.EDU (Tuc at T-B-O-H.NET)
Fri Jul 25 00:41:33 2008

From: "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>
To: ganbold@gmail.com (Ganbold Tsagaankhuu)
Date: Fri, 25 Jul 2008 00:41:05 -0400 (EDT)
In-Reply-To: <8c1a520a0807242116u24901cag90ee97d3e1aa9c29@mail.gmail.com>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org

> 
> On Thu, Jul 24, 2008 at 10:32 AM, Tuc at T-B-O-H.NET <ml@t-b-o-h.net> wrote:
> 
> > > - -- "Robert D. Scott" <robert@ufl.edu> wrote:
> > >
> > > >Now, there is an exploit for it.
> > > >
> > > >http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
> > >
> > > Now also (mirrored) here:
> > >
> > >  http://www.milw0rm.com/exploits/6122
> > >
> > > ...and probably a slew of other places, too. ;-)
> > >
> >         The changes they put into metasploit for this don't seem
> > to work if running from FreeBSD 5.5, possibly other BSD's and
> > versions from talking to the author.
> >
> >                Tuc/TBOH
> >
> >
> True. On FreeBSD 7.0-STABLE (updated on Fri May 23) it fails to create raw
> socket:
> ...
> [-] This module is configured to use a raw IP socket. On Unix systems, only
> the root user is allowed to create raw sockets.Please run the framework as
> root to use this module.
> 
> [*] Attempting to inject poison records for example.com.'s nameservers into
> 202.72.241.4:55088...
> [-] Auxiliary failed: undefined method `sendto' for nil:NilClass
> 
	Sorry, I just checked it on 7.0 earlier today.

	If you happen to know any FreeBSD Ruby programmers with heavy socket
experience, it would really be helpful. :-D 

	I haven't tried the Python one yet. Probably later today.

			Tuc/TBOH

