Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

DNS caching exploit defense with iptables
From: Michael Rash <mbr () cipherdyne org>
Date: Tue, 15 Jul 2008 21:58:19 -0400
Hi -

It's well known that Dan Kaminsky is going to present a significant
development regarding a caching exploit against DNS at Blackhat this
year.  For anyone who has not patched their DNS servers, here is a
strategy for adding a single iptables "SNAT --random" rule to mitigate
the attack (for those DNS servers deployed on or behind a system running
Linux):

http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html

Other firewall architectures support similar functionality as well.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

  By Date           By Thread  

Current thread:
  • DNS caching exploit defense with iptables Michael Rash (Jul 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]