Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

From: Amit Klein <aksecurity_at_gmail.com>
Date: Sat, 28 Jul 2007 00:34:13 +0200

Tim Newsham wrote:
>> "it's not like this hasn't been reported, and fixed, many times by
>> many others" - so if it's fixed so many times, how come it was still
>> vulnerable, and ISC had to issue their patches?
>
> Because its just a 16-bit field. DNS is broken. Cache poisoning will
> happen. Those are the facts on the ground. The only argument left
> is the degree of brokenness.

Perhaps. Even so, adding, as you (and many others) suggested previously,
UDP source port (strong) randomization, in combination with strong
transaction ID randomization would make poisoning way way harder than
where it is today. Instead of 16 bits, you'd have ~30 bits of (strong)
randomness. That's much better, and there's no reason I see why it can't
be implemented today.
Received on Jul 27 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos