David Barrett wrote:
> Why wouldn't this work? And is there any real protection against this?
>
> DNSSEC would protect against this, but it essentially isn't deployed.
Of course your attack relies on being able to sniff the traffic going towards the DNS server. If you're in a position to send/receive on the LAN, you can just ARP-hijack the router itself, or take over any TCP session that does get opened with Google, or install software on the host that trusts other things on its LAN more than it trusts "the Internet" and so opens up the ability for you to use RPC attacks and the like.

The bigger issue is the one that was publicized a few months ago, where I convince you to look up an address at my server, and then I use that info to predict the sequence number you'll use in your subsequent request for Google.com. The only defense is to use better random numbers over a larger space, and even that isn't perfect protection.

Matthew Kaufman

_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers
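The defence Matthew points to ("better random numbers over a larger space") is what resolvers do today: the 16-bit query ID is drawn with a cryptographic RNG and the UDP source port is randomized as well, and an answer is accepted only if it matches an outstanding query on all of those fields plus the question name. The following is an added example, not code from the original message or from any resolver; the `Resolver` class, the `guess_space` helper, the port range and the sender addresses (RFC 5737 documentation ranges) are assumptions made here to illustrate the point. It also shows the detection side: answers that match nothing outstanding are counted per sender, which is the signal a defender would alert on.

```python
# Added example (not from the original mailing-list message): a toy model of
# resolver-side answer validation and the size of the space an off-path
# forger has to guess, with and without source-port randomization.
import secrets
from collections import Counter
from dataclasses import dataclass, field

TXID_SPACE = 1 << 16              # 16-bit DNS transaction ID ("sequence number")
PORT_LOW, PORT_HIGH = 1024, 65535  # assumed ephemeral range for source ports


@dataclass(frozen=True)
class Query:
    txid: int
    src_port: int
    qname: str


@dataclass
class Resolver:
    """Hypothetical resolver that tracks outstanding queries and checks answers."""
    randomize_port: bool = True
    fixed_port: int = 53000                             # used when ports are not randomized
    pending: set = field(default_factory=set)           # outstanding (txid, port, qname)
    rejected: Counter = field(default_factory=Counter)  # sender -> unmatched answers

    def send_query(self, qname: str) -> Query:
        # secrets uses the OS CSPRNG, so the ID is not predictable from earlier IDs
        txid = secrets.randbelow(TXID_SPACE)
        if self.randomize_port:
            port = PORT_LOW + secrets.randbelow(PORT_HIGH - PORT_LOW + 1)
        else:
            port = self.fixed_port
        self.pending.add((txid, port, qname))
        return Query(txid, port, qname)

    def receive(self, sender: str, txid: int, dst_port: int, qname: str) -> bool:
        """Accept an answer only if it exactly matches one outstanding query."""
        key = (txid, dst_port, qname)
        if key in self.pending:
            self.pending.remove(key)   # one answer per query; later copies are rejected
            return True
        self.rejected[sender] += 1     # unmatched answer: count it for detection
        return False


def guess_space(randomize_port: bool) -> int:
    """Number of (txid, port) combinations an off-path forger must match."""
    ports = (PORT_HIGH - PORT_LOW + 1) if randomize_port else 1
    return TXID_SPACE * ports


def noisy_senders(resolver: Resolver, threshold: int) -> list:
    """Senders whose unmatched-answer count exceeds the threshold (alert list)."""
    return sorted(s for s, n in resolver.rejected.items() if n > threshold)


def demo() -> dict:
    # Constructed sample traffic: one matching answer from the expected server,
    # then a burst of answers from another address that carry the right name
    # but wrong transaction IDs.
    r = Resolver(randomize_port=True)
    q = r.send_query("www.google.com")
    accepted = r.receive("192.0.2.53", q.txid, q.src_port, q.qname)
    unmatched = 0
    for i in range(20):
        wrong_id = (q.txid + 1 + i) % TXID_SPACE
        if not r.receive("198.51.100.7", wrong_id, q.src_port, q.qname):
            unmatched += 1
    return {"accepted": accepted, "rejected": unmatched, "alerts": noisy_senders(r, 10)}


if __name__ == "__main__":
    print("guess space, fixed port:     ", guess_space(False))
    print("guess space, random port:    ", guess_space(True))
    print(demo())
```

With a fixed source port the forger's target space is just the 65536 transaction IDs; randomizing the port over the assumed ephemeral range multiplies that by roughly 64k, which is exactly the "larger space" Matthew means, and a spike in `rejected` answers from one address is the observable side effect of someone trying to hit it.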