Dailydave mailing list archives

Re: DNS and other fun.


From: H D Moore <dailydave () digitaloffense net>
Date: Tue, 29 Jul 2008 16:58:39 -0500

I still don't understand why speed *matters* -- the existing metasploit 
modules nail every BIND 9 server I have tested within a minute or two (as 
long as they have a static source port). I imagine speed would be more of 
a concern for more-random source ports, but this craze over 10 seconds vs 
two minutes seems ridiculous. I don't mind waiting a couple minutes to 
poison an entire TLD.

The one major optimization we added to the metasploit modules was the 
ability to determine the race window for a particular cache server and 
target domain. This prevents us from sending packets after the real one 
has already arrived and resulted in a 3-4 x speedup. Even still, 
poisoning a TLD with 13 nameservers just isn't that long of a wait.

My 0.02,

-HD

On Tuesday 29 July 2008, Dave Aitel wrote:
We're not using Scapy here, but in Python (and Ruby, I assume?) you
don't want to do your creation of packets alongside your sending of
packets. You probably want to do something like this:
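HD's point above hinges on the resolver using a static source port, so that an off-path attacker only has to guess the 16-bit transaction ID. The following is an added defensive check, not code from the thread or from Metasploit: given a sample of source ports observed on a resolver's outbound queries (constructed here), it reports whether the port selection looks static, weak or randomized. The thresholds are assumptions for illustration.

```python
"""Assess whether a resolver's observed outbound DNS source ports look static."""
from collections import Counter
import math

# Constructed samples standing in for captured outbound query source ports.
# An unpatched BIND 9 of the kind HD describes reuses one port for every query;
# a patched resolver spreads queries across the ephemeral range.
STATIC_PORTS = [53] * 40
RANDOM_PORTS = [1025 + (i * 7919) % 64510 for i in range(40)]  # deterministic spread


def shannon_entropy_bits(ports):
    """Entropy of the observed port distribution, in bits."""
    counts = Counter(ports)
    n = len(ports)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def assess_source_ports(ports, min_distinct_ratio=0.5, min_entropy_bits=4.0):
    """Return a summary of how random the sampled source ports look.

    'static' means a single port carried every query, the precondition the
    post relies on; 'weak' means few distinct ports or low entropy for the
    sample size (thresholds are illustrative assumptions); otherwise
    'randomized'.
    """
    if not ports:
        raise ValueError("need at least one observed port")
    distinct = len(set(ports))
    entropy = shannon_entropy_bits(ports)
    distinct_ratio = distinct / len(ports)
    if distinct == 1:
        verdict = "static"
    elif distinct_ratio < min_distinct_ratio or entropy < min_entropy_bits:
        verdict = "weak"
    else:
        verdict = "randomized"
    return {"samples": len(ports), "distinct": distinct,
            "entropy_bits": round(entropy, 2), "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("static", STATIC_PORTS), ("random", RANDOM_PORTS)):
        print(label, assess_source_ports(sample))
```

In practice the sample would come from a capture of the resolver's outgoing UDP/53 traffic; a "static" or "weak" verdict is the condition to remediate before worrying about how fast a poisoning attempt runs.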


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
