Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: DNS spoofing issue. Thoughts on
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Sat, 26 Jul 2008 17:10:58 -0500

--On Saturday, July 26, 2008 8:34 PM +0100 imipak <imipak () gmail com> wrote:

The attack isn't "impossible", it's more like "1% chance *per hour* that
your IDS doesn't notice and stop the attempts".  Big difference...

The information that I have says it's statistically impossible *if*
you are patched.

It's not statistically impossible; it just takes 2^16 times longer.
And as Joe Greco observed on NANOG:

But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is
not a significant jump from the PoV of an attacker would certainly have
factored into my decision-making process.

How shall I put this? If you don't notice a dns cache poisoning attack for 8.21 days, you *deserve* to have your cache poisoned. (Not that anyone ever deserves to be hacked, but there *is* such a thing as criminal negligence.)

Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]