Snip

On Wed, Jul 9, 2008 at 10:50 AM, C F <[EMAIL PROTECTED]> wrote:

> Very interesting article. I guess we won't know much more for another few
> weeks:
> http://www.breitbart.com/article.php?id=080709124916.zxdxcmkx&show_article=1
>
> I thought this was common knowledge. I remember hearing about the flaw
> around 2000 or so.
>
> Thanks,
> Steve T

Knowledge yes, but common, I don't think so. Cache poisoning has been around since before 2000. A properly designed DNS server with the right amount of randomness in its requests would be a difficult target. The attack exploits the fact that many sequential packets had sequential numbers, so that it was easy to send a malformed packet back as a response to a query.

It works like this: Badman requests the address for www.digium.com from a name server; the server does not have it in its cache, or it has expired. The name server requests the information from its forwarders, or the root domain. Badman sends a packet with the address of the forwarder or root domain server forged, with an incremented sequence number. The name server thinks that it is a valid response and adds it to its cache... the cache is poisoned...

Clearing the cache would clean out the poison entry, and unless Badman was able to guess the precise time your name server was to request the information, your server should get the correct entry.

Ever since Windows 2003, BIND 9.0+, and all versions of TinyDNS, random numbers have been used for the sequence in the packet. There is always a brute-force attack that can be done, to simply overwhelm the DNS server and possibly 'guess' the next sequence number, but that would be time consuming, and most intrusion detection systems will pick it up as a DOS or DDOS attack and start to shut down access.

The best solution is to use a trusted DNS server, don't have your master DNS server (the one that resolves your domain for the rest of the world) set to do recursive lookups, and, as I do, hide your DNS server behind a NAT'ed firewall that randomizes outgoing ports and sequence numbers.

Alex
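The point Alex makes above is that a resolver is hard to poison only if its outgoing queries are unpredictable. Below is an added example, not code from this list or from Asterisk/Digium, that checks a resolver's own query log for the two weaknesses the thread describes: a fixed source port and transaction IDs that simply count up. The log format, the `assess_resolver` function and the sample records are all constructed for this example; the search-space helper just works out how many (port, ID) combinations a forged answer would have to match, which is why the brute-force approach is slow and loud.

```python
"""Check whether a resolver's outgoing DNS queries are predictable.

Added example for this thread (not code from the list or from Asterisk/Digium).
The query-log format is hypothetical: one line per outgoing query, carrying
the UDP source port and the 16-bit DNS transaction ID the resolver chose.
"""
import re

# Hypothetical query-log line format (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) query (?P<name>\S+) (?P<qtype>\S+) "
    r"src_port=(?P<port>\d+) txid=(?P<txid>\d+)$"
)

# Constructed sample: a resolver that pins port 53 and counts IDs up by one.
SEQUENTIAL_LOG = "\n".join(
    f"2008-07-09T10:51:{i:02d} query host{i}.example A src_port=53 txid={4096 + i}"
    for i in range(40)
)

# Constructed sample: ports and IDs that vary per query (values chosen by hand).
RANDOMIZED_RECORDS = [
    (41723, 0x3A9F), (58210, 0x0C41), (1187, 0xE7D2), (33977, 0x5B08),
    (60502, 0x91EE), (27346, 0x2F7A), (49011, 0xB4C3), (5129, 0x6D15),
    (36688, 0xF08B), (12044, 0x47D9), (55391, 0x9A20), (21876, 0x1E64),
]
RANDOMIZED_LOG = "\n".join(
    f"2008-07-09T10:52:{i:02d} query host{i}.example A src_port={p} txid={t}"
    for i, (p, t) in enumerate(RANDOMIZED_RECORDS)
)


def parse_queries(log_text):
    """Return [(src_port, txid), ...] from log lines; unrecognised lines are skipped."""
    queries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            queries.append((int(m["port"]), int(m["txid"])))
    return queries


def sequential_fraction(values, modulus=1 << 16):
    """Fraction of consecutive values that differ by exactly +1 (wrapping at 16 bits)."""
    if len(values) < 2:
        return 0.0
    steps = [(b - a) % modulus == 1 for a, b in zip(values, values[1:])]
    return sum(steps) / len(steps)


def assess_resolver(queries, seq_threshold=0.2):
    """List the predictability weaknesses visible in a series of outgoing queries."""
    findings = []
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    if queries and len(set(ports)) == 1:
        findings.append("fixed source port")
    if sequential_fraction(txids) >= seq_threshold:
        findings.append("sequential transaction IDs")
    return findings


def forged_answer_search_space(port_entropy_bits, txid_bits=16):
    """Number of (port, txid) combinations a forged answer must match.

    A fixed port leaves only the 16-bit ID (65536 possibilities); about 16 bits
    of port randomness pushes that to roughly four billion.
    """
    return 2 ** (port_entropy_bits + txid_bits)


if __name__ == "__main__":
    for label, log in (("sequential", SEQUENTIAL_LOG), ("randomized", RANDOMIZED_LOG)):
        findings = assess_resolver(parse_queries(log))
        print(f"{label}: {findings or ['no predictability findings']}")
    print("search space, fixed port:", forged_answer_search_space(0))
    print("search space, random port:", forged_answer_search_space(16))
```

The sequential sample reports both findings; the randomized sample reports none. In practice you would feed the checker a capture of your own resolver's outgoing queries rather than a hand-written log, and a resolver behind a NAT that rewrites source ports should be measured from the outside of the NAT, since that is the view a spoofed answer has to match.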