Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: coderman <coderman () gmail com>
Date: Sun, 13 Jul 2008 15:15:37 -0700

On Sun, Jul 13, 2008 at 2:27 PM, eugaaa () gmail com <eugaaa () gmail com> wrote:
...
So on that note I'll be more direct. Has anyone actually preemptively
written any code or reversed this issue on their own? Or just, you
know, attempted to understand the vulnerability in detail instead of
relying on these intentionally vague advisories (dan)?

my money is currently on ICMP port unreachable combined with the
predictable ports to trick vulnerable resolvers into thinking the
configured nameservers are offline:

http://wari.mckay.com/~rm/dns_theroy.txt

you could fix this via the method described, and not imply that the
ICMP was part of the vector.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault