lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 18 Jul 2004 06:38:00 -0700 (PDT)
From: have2Banonymous <a637831@...oo.com>
To: bugtraq@...urityfocus.com
Subject: RE: The Impact of RFC Guidelines on DNS Spoofing Attacks



Hi,

The DNS paper is not at the mentioned URL since it was published in phrack instead, and can be
found at the URL http://www.phrack.org/show.php?p=62&a=3


> -----Original Message-----
> From: have2Banonymous [mailto:a637831@...oo.com] 
> Sent: Monday, July 12, 2004 5:46 AM
> To: bugtraq@...urityfocus.com
> Subject: The Impact of RFC Guidelines on DNS Spoofing Attacks
> 
> 
> EXECUTIVE SUMMARY
> 
> This paper provides a brief overview of basic Domain Name System (DNS)
> spoofing attacks against DNS client resolvers.  Technical challenges are
> proposed that should help to both identify attempted attacks and prevent
> them from being successful.  Relevant Request for Comments (RFC)
> guidelines, used by programmers to help ensure their DNS resolver code
> meets specifications, are reviewed.  This results in the realisation
> that the RFC guidelines are not adequately specific or forceful to help
> identify or prevent DNS spoofing attacks against DNS client resolvers. 
> Furthermore, the RFC guidelines actually simplify such attacks to a
> level that has not previously been discussed in the public domain until
> now.
> 
> To highlight the consequences of merely conforming to the RFC guidelines
> without considering security ramifications, an example DNS spoofing
> attack against the DNS resolver in Microsoft Windows XP is provided.
> This illustrates serious weaknesses in the Windows XP DNS resolver
> client implementation.  For example, Windows XP will accept a DNS reply
> as being valid without performing a thorough check that the DNS reply
> actually matches the DNS request.  This allows an attacker to create a
> malicious generic DNS reply that only needs to meet a couple of criteria
> with predictable values in order to be accepted as a valid DNS reply by
> the targeted user.
> 
> This paper discusses the practical impact of the issues raised, such as
> the ability to perform a successful and reasonably undetectable DNS
> spoofing attack against a large target base of Windows XP users, without
> the attacker requiring knowledge of the DNS requests issued by the
> targeted users.  Finally, a comparison with the DNS resolver in Debian
> Linux is supplied.
> 
> 
> The paper can be found at the following URL:
> http://members.ozemail.com.au/~987654321/impact_of_rfc_on_dns_spoofing.p
> df
> 



		
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ