[35788] in bugtraq
RE: The Impact of RFC Guidelines on DNS Spoofing Attacks
daemon@ATHENA.MIT.EDU (have2Banonymous)
Mon Jul 19 11:15:01 2004
Message-ID: <20040718133800.42858.qmail@web90005.mail.scd.yahoo.com>
Date: Sun, 18 Jul 2004 06:38:00 -0700 (PDT)
From: have2Banonymous <a637831@yahoo.com>
To: bugtraq@securityfocus.com
In-Reply-To: <653D74053BA6F54A81ED83DCF969DF0815C2CF@pivxes1.pivx.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Hi,
The DNS paper is not at the mentioned URL since it was published in Phrack instead, and can be
found at the URL http://www.phrack.org/show.php?p=62&a=3
> -----Original Message-----
> From: have2Banonymous [mailto:a637831@yahoo.com]
> Sent: Monday, July 12, 2004 5:46 AM
> To: bugtraq@securityfocus.com
> Subject: The Impact of RFC Guidelines on DNS Spoofing Attacks
>
>
> EXECUTIVE SUMMARY
>
> This paper provides a brief overview of basic Domain Name System (DNS)
> spoofing attacks against DNS client resolvers. Technical challenges are
> proposed that should help to both identify attempted attacks and prevent
> them from being successful. Relevant Request for Comments (RFC)
> guidelines, used by programmers to help ensure their DNS resolver code
> meets specifications, are reviewed. This results in the realisation
> that the RFC guidelines are not adequately specific or forceful to help
> identify or prevent DNS spoofing attacks against DNS client resolvers.
> Furthermore, the RFC guidelines actually simplify such attacks to a
> level that has not previously been discussed in the public domain until
> now.
>
> To highlight the consequences of merely conforming to the RFC guidelines
> without considering security ramifications, an example DNS spoofing
> attack against the DNS resolver in Microsoft Windows XP is provided.
> This illustrates serious weaknesses in the Windows XP DNS resolver
> client implementation. For example, Windows XP will accept a DNS reply
> as being valid without performing a thorough check that the DNS reply
> actually matches the DNS request. This allows an attacker to create a
> malicious generic DNS reply that only needs to meet a couple of criteria
> with predictable values in order to be accepted as a valid DNS reply by
> the targeted user.
>
> This paper discusses the practical impact of the issues raised, such as
> the ability to perform a successful and reasonably undetectable DNS
> spoofing attack against a large target base of Windows XP users, without
> the attacker requiring knowledge of the DNS requests issued by the
> targeted users. Finally, a comparison with the DNS resolver in Debian
> Linux is supplied.
>
>
> The paper can be found at the following URL:
> http://members.ozemail.com.au/~987654321/impact_of_rfc_on_dns_spoofing.pdf
>
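The quoted summary turns on a resolver accepting a reply without thoroughly checking that it matches the request. As an added example (not code from the paper or from any resolver), this is what a strict client-side match could look like. The function names, the choice of checks and the sample addresses are assumptions; the summary does not list which fields Windows XP verifies.

```python
import struct

def encode_name(name):
    """Encode a dotted host name as DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(txid, flags, name, qtype=1, qclass=1):
    """Header plus one question; enough to model a query or a bare reply."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (txid, flags, qdcount, name, qtype, qclass) or raise ValueError."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):  # no compression in a question
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, flags, qdcount, ".".join(labels), qtype, qclass

def reply_matches(query, server, reply, sender):
    """Reasons to drop the reply; an empty list means it matches the query."""
    try:
        q, r = parse_question(query), parse_question(reply)
    except ValueError as exc:
        return ["malformed: %s" % exc]
    checks = [
        (sender == server, "sender is not the queried server"),
        (r[0] == q[0], "transaction ID differs"),
        (r[1] & 0x8000, "QR bit not set"),
        ((r[1] & 0x7800) == (q[1] & 0x7800), "opcode differs"),
        (r[2] == 1, "QDCOUNT is not 1"),
        (r[3:] == q[3:], "question section differs"),
    ]
    return [why for ok, why in checks if not ok]
```

Here `server` and `sender` are `(address, port)` tuples. A reply whose ID is right but whose question names a different host comes back with `["question section differs"]`, which is the generic-reply case the summary describes.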