Security Incidents: Re: DNS Injection Problem

["Blade Runner" <blade () seven com br>]

You were the first to mention it,  I am studying the subject.

One interesting thing to quote, and sorry about the ignorance, is:

Is possible to restart the DNS server with such attack?
The local where the .zone and named.inc ( dns conf file ) file are stored is
protected with these permission "-rw-r--r--", only root can modify or
add new files ( theorically ).

I am fear that the attacker is getting root privileges somewhere else
to do that.

But maybe in my research about dns poisonig I can get the answer.

I will isolate the server to run a sniffer and check the queries, if the
problem is with DNS it will be easier to detect even for a newbie :-) .

Thanks.



> Have you thought about DNS cache poisoning?
>
> references:
> http://www.securityfocus.com/guest/17905
> http://www.sans.org/rr/firewall/DNS_spoof.php
> http://csrc.nist.gov/fasp/FASPDocs/network-security/NISTSecuringDNS.htm
> http://www.acmebw.com/resources/papers/securing.pdf
>
> Can you put a sniffer, e.g. ethereal on the link and see if anyone is
> sending you the bad data in response to queries?
>
> cheers,
>  Jamie
> --
> James Riden / j.riden () massey ac nz / Systems Programmer - Security
> Information Technology Services, Massey University, NZ.
> Tel: +64 (0) 6356 9099 ext. 7402

-- 
Blade Runner - Squirrel Mail
Linux Powered
LICQ 40959703

----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------