Dailydave mailing list archives

Re: The audacity of thinking you're not owned
From: Jon Oberheide <jon () oberheide org>
Date: Mon, 14 Jul 2008 10:20:57 -0400

On Mon, 2008-07-14 at 08:21 +0200, Thomas Pollet wrote:
> - suppose you want to spoof a nonexistent subdomain of a site, e.g.
> pwned.paypal.com
> - you get a user on a website to repeatedly request something on that
> domain from within a web page
> - as the domain does not exist, every request will result in a dns lookup

Not necessarily.  DNS has all sorts of wonderfully quirky features, one
of them being negative caching [1].  So your NXDOMAIN/SERVFAIL/whatever
responses for a RR can be cached too.

> - while the dns request is ongoing, flood the client (and intermediate
> dns in a recursive scheme) with fake responses.

Even if you did succeed, all you'd be left with is pwned.paypal.com, which
might be more effective than heyipromisethisispaypal.com in your
phishing emails, but has nowhere near the impact of arbitrary RR
poisoning.

Regards,
Jon Oberheide

[1] http://www.ietf.org/rfc/rfc2308.txt

-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE
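To illustrate the negative-caching point in Jon's reply, here is an added example (not code from the message or its author): a minimal model of an RFC 2308 negative cache, showing that repeated queries for a name that does not exist are answered from cache rather than each triggering a fresh upstream lookup. The zone name, SOA values and the `fake_upstream` resolver are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

@dataclass
class SOA:
    ttl: int      # TTL of the SOA RR carried in the authority section of the reply
    minimum: int  # MINIMUM field of the SOA RDATA

# An upstream query yields (rcode, SOA from the authority section or None)
Upstream = Callable[[str], Tuple[str, Optional[SOA]]]

class NegativeCache:
    """Caches NXDOMAIN (RFC 2308 s.3/s.5) and SERVFAIL (RFC 2308 s.7.1) answers."""
    SERVFAIL_MAX_TTL = 300  # RFC 2308 s.7.1: server failures cached at most five minutes

    def __init__(self, max_ncache_ttl: int = 3 * 3600):
        self.max_ncache_ttl = max_ncache_ttl  # resolver-configured upper bound
        self._neg: Dict[str, Tuple[str, float]] = {}  # qname -> (rcode, expiry time)
        self.upstream_queries = 0  # how many lookups actually went upstream

    @staticmethod
    def negative_ttl(soa: SOA) -> int:
        # RFC 2308 s.3: a negative answer lives for min(SOA MINIMUM, SOA TTL)
        return min(soa.minimum, soa.ttl)

    def resolve(self, qname: str, upstream: Upstream, now: float) -> Tuple[str, str]:
        cached = self._neg.get(qname)
        if cached is not None and now < cached[1]:
            return cached[0], "cache"           # served without any new lookup
        self.upstream_queries += 1
        rcode, soa = upstream(qname)
        if rcode == "NXDOMAIN" and soa is not None:
            ttl = min(self.negative_ttl(soa), self.max_ncache_ttl)
            self._neg[qname] = (rcode, now + ttl)
        elif rcode == "SERVFAIL":
            self._neg[qname] = (rcode, now + self.SERVFAIL_MAX_TTL)
        return rcode, "upstream"

# Constructed upstream: only www.example.test exists; the zone's SOA carries a
# 300-second MINIMUM, so NXDOMAIN answers for other names are cacheable for 300 s.
def fake_upstream(qname: str) -> Tuple[str, Optional[SOA]]:
    if qname == "www.example.test":
        return "NOERROR", None
    return "NXDOMAIN", SOA(ttl=3600, minimum=300)

def lookups_caused(requests: int, interval: float, qname: str = "nope.example.test") -> int:
    """Count upstream lookups triggered by N evenly spaced requests for qname."""
    cache = NegativeCache()
    for i in range(requests):
        cache.resolve(qname, fake_upstream, now=i * interval)
    return cache.upstream_queries
```

With the constructed SOA, a hundred requests one second apart for the nonexistent name cause a single upstream lookup; the rest are answered from the negative cache until its 300-second TTL expires.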
