mailing list archives
Re: how to protect name servers against cache corruption
From: "Thomas H. Ptacek" <tqbf () enteract com>
Date: Tue, 29 Jul 1997 21:55:48 -0500 (CDT)
crude. He just put some bogus NS records into his alternic.net zone so
that queries for www.alternic.net would pick up those bogus servers
and their associated A records. His "sophisticated hack" consisted of
This is true, and it is essentially the textbook/cookbook version of the
"poisoned resource-record" attack that was outlined by Johannes Erdfelt a
few months ago on Bugtraq.
What I am asserting to you is that there are variants on this attack which
are not currently fixed by BIND 8.1.1. On a related note, there are things
that can be done to strengthen DNS implementations (such as BIND) against
these attacks that do not involve DNSSEC.
So, again, I think you are either in error or we're not in understanding
on the meaning of the word "variant". Perhaps, by the word "variant", you
refer solely to attacks that involve modifications to a shell script, and
my reference to attacks that involve programming ability cease to be
classified as "variants" of the attack.
So, I'd like to convey the fact that, by using the word "variant", I refer
to attacks that operate at a protocol level in a manner resembling the
attack performed by Mr. Kashpureff.
Thanks for providing me with an opportunity to clarify this.
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
"If you're so special, why aren't you dead?"