
Re: [WEB SECURITY] Major DNS Vulnerabilities



Johannes B. Ullrich, Ph.D. wrote:
I have no real insider information, but even without that, the problem is kind of obvious. You got a single source port, and a small number of query IDs, making it reasonably easy to spoof a response. Add a decent tool to attack this problem (maybe that's the part that is going to be released at Blackhat?), a bunch of motivated users for such a tool (Phishing/Pharming?) and you got a big problem.

The overall issue has been discussed for a while (for example see this paper http://www.sans.org/reading_room/whitepapers/dns/1567.php).
But this research was conducted for Windows XP SP1. In SP2, Microsoft fixed that. And then I found that there's still a flaw (http://www.trusteer.com/files/Microsoft_Windows_resolver_DNS_cache_poisoning.pdf), and Microsoft fixed that in April this year. So this can't be the reason for Tuesday's fix...
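
Added example (not part of the original thread): a small audit of a resolver's outbound queries for the two weaknesses discussed above, a single source port and a small or predictable set of query IDs. The sample data, the `audit` function and the use of the observed port span as a pool estimate are assumptions made for illustration.

```python
import math

# Constructed samples: (source_port, query_id) pairs as they might be captured
# from a resolver's outbound queries. Not real traffic.
FIXED_PORT = [(1025, 0x1A2B), (1025, 0x9F03), (1025, 0x44D1), (1025, 0xE7C0),
              (1025, 0x0B6E), (1025, 0x73A9), (1025, 0xC215), (1025, 0x58FA)]
SEQ_IDS = [(1025, 0x0100 + n) for n in range(8)]
RANDOM_PORT = [(49812, 0x1A2B), (20331, 0x9F03), (61007, 0x44D1), (3390, 0xE7C0),
               (28764, 0x0B6E), (55120, 0x73A9), (10483, 0xC215), (41976, 0x58FA)]


def audit(samples):
    """Estimate how many bits an off-path party would have to guess per reply."""
    if len(samples) < 2:
        raise ValueError("need at least two queries to judge variation")
    ports = [p for p, _ in samples]
    ids = [i for _, i in samples]

    # A constant step between consecutive IDs (counter-style) is predictable.
    steps = {(b - a) % 0x10000 for a, b in zip(ids, ids[1:])}
    predictable_ids = len(steps) == 1
    id_bits = 0.0 if predictable_ids else 16.0  # 16-bit DNS query ID field

    # Rough estimate (assumption): the observed port span approximates the pool.
    fixed_port = len(set(ports)) == 1
    port_bits = 0.0 if fixed_port else math.log2(max(ports) - min(ports) + 1)

    findings = []
    if fixed_port:
        findings.append("single source port")
    if predictable_ids:
        findings.append("predictable query IDs")
    return {"id_bits": id_bits, "port_bits": round(port_bits, 2),
            "total_bits": round(id_bits + port_bits, 2), "findings": findings}


if __name__ == "__main__":
    for name, data in [("fixed port", FIXED_PORT), ("sequential IDs", SEQ_IDS),
                       ("random ports", RANDOM_PORT)]:
        print(name, audit(data))
```

A resolver that reports `single source port` relies on the 16-bit query ID alone; eight samples only illustrate the check, and a real audit would use a much larger capture.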

