Nmap Security Scanner
 Intro
Ref Guide
Install Guide
Download
Changelog
Book
Docs
Security Lists
Nmap Hackers
Nmap Dev
Bugtraq
Full Disclosure
Pen Test
Basics
More
Security Tools
Pass crackers
Sniffers
Vuln Scanners
Web scanners
Wireless
Exploitation
Packet crafters
More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
|
 |
Bugtraq
mailing list archives
Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
From: Amit Klein <aksecurity () gmail com>
Date: Sat, 28 Jul 2007 00:34:13 +0200
Tim Newsham wrote:
"it's not like this hasn't been reported, and fixed, many times by
many others" - so if it's fixed so many times, how come it was still
vulnerable, and ISC had to issue their patches?
Because its just a 16-bit field. DNS is broken. Cache poisoning will
happen. Those are the facts on the ground. The only argument left
is the degree of brokenness.
Perhaps. Even so, adding, as you (and many others) suggested previously,
UDP source port (strong) randomization, in combination with strong
transaction ID randomization would make poisoning way way harder than
where it is today. Instead of 16 bits, you'd have ~30 bits of (strong)
randomness. That's much better, and there's no reason I see why it can't
be implemented today.
 By Date 
By Thread
Current thread:
- Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer), (continued)
|
|
