On Sun, 27 Jul 2008 14:07:03 EDT, [EMAIL PROTECTED] said:
The need for something more like ssl certs in there remains
It's called DNSSEC, which has been out for a decade and more.
(Also needed for bgp I suspect).
RFC2385 (TCP MD5 protection for BGP) addresses most of the issues, at least
on a
On Fri, Jul 25, 2008 at 9:58 PM, [EMAIL PROTECTED] wrote:
... that's the *biggest* threat now, is
mass poisoning of an ISP's DNS servers affecting *all* their customers.
I HEAR THAT ALL PUBLIC / FREE / COMMUNITY WIRELESS USERS ARE STILL AFFECTED!
MASS PANIC ENSUES AT AIRPORTS AND HOTELS
What is always required is a machine where the user has the ability to write
packets to the network with any IP. This usually means super user access.
It is difficult in most cases to send udp packets with forged IP since
routers will not accept them. That is why it is difficult to
suppliers.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, July 26, 2008 12:58 AM
To: Paul Schmehl
Cc: RandallMan; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] DNS spoofing issue. Thoughts on
On Fri, 25 Jul
On Sat, 26 Jul 2008 23:19:53 +0100 n3td3v [EMAIL PROTECTED]
wrote:
On Sat, Jul 26, 2008 at 11:10 PM, Paul Schmehl
[EMAIL PROTECTED] wrote:
there *is* such a thing as criminal negligence.)
Could we not charge HD Moore and I)ruid with this?
All the best,
n3td3v
Stop trying to stifle the
Hi Paul,
The attack isn't impossible, it's more like 1% chance *per hour* that
your IDS doesn't notice and stop the attempts. Big difference...
The information that I have says it's statistically impossible *if*
you are patched.
It's not statistically impossible; it just takes 2^16 times
--On Saturday, July 26, 2008 8:34 PM +0100 imipak [EMAIL PROTECTED] wrote:
The attack isn't impossible, it's more like 1% chance *per hour* that
your IDS doesn't notice and stop the attempts. Big difference...
The information that I have says it's statistically impossible *if*
you are
On Sat, Jul 26, 2008 at 11:10 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
there *is* such a thing as criminal negligence.)
Could we not charge HD Moore and I)ruid with this?
All the best,
n3td3v
___
Full-Disclosure - We believe in it.
Charter:
But realizing that going from 11 seconds to (11 * 64512 =3D) 8.21 days
is not a significant jump ...
We had a browser pointed to an evil page making image requests for
aaa.victim.com, aab.victim.com etc, for a few seconds. You cannot expect
the browser to stay alive for days.
Cheers,
Paul
On Sun, 27 Jul 2008 09:05:35 +1000, Paul Szabo said:
But realizing that going from 11 seconds to (11 * 64512 =3D) 8.21 days
is not a significant jump ...
We had a browser pointed to an evil page making image requests for
aaa.victim.com, aab.victim.com etc, for a few seconds. You cannot
Where might on find info on what to look for in a primary windows domain
where we handle our internal DNS and SBC handles our external?
=
I top post, get over it.
___
Full-Disclosure - We believe in it.
Charter:
--On July 25, 2008 6:53:31 AM -0500 RandallMan [EMAIL PROTECTED]
wrote:
Where might on find info on what to look for in a primary windows domain
where we handle our internal DNS and SBC handles our external?
Just apply the Microsoft patches and you'll be fine. The patches make the
On Fri, 25 Jul 2008 23:16:18 CDT, Paul Schmehl said:
Just apply the Microsoft patches and you'll be fine. The patches make the
attack essentially impossible.
Paul, don't make me take you out back and smack you around. :)
First off - SBC probably doesn't run Windows on the server(s) that they
I am now posting some analysis I wrote on the subject right after my last
post.
Since the exploits are now available too, this should primarily be helpful
to the good guys.
I wrote this without full details of the exploit, but it shoud all be
pertinent nonetheless.
It might help in some cases
What is always required is a machine where the user has the ability to write
packets to the network with any IP. This usually means super user access.
It is difficult in most cases to send udp packets with forged IP since
routers will not accept them. That is why it is difficult to conduct an
Hi,
I am troubled by these kinds of solutions which only help administrators
with standard distributions. Any kind of deviation from the norm, and it
will
be impossible to fix one's servers, or assess possible vulnerabilities.
I wanted to understand how someone could exploit this flaw against
16 matches
Mail list logo
