lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200601031636.QAA01515@simpson.demon.co.uk>
Date: Tue, 03 Jan 2006 16:35:42 +0000
From: Duncan Simpson <dps@...pson.demon.co.uk>
To: Mario Contestabile <marioc@...puter.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged 
 hosts-file lookup



Nobody has mentioned this, so maybe I should.

It is not difficult to bypass the hosts file on *any* operting system 
whatsoever, by just writing your own resolver. This is easier than you 
think---the standard resolver library has all the machinery you need modulo 
creating the UDP socket. Bind has an even easier library... and an example of 
how to use it (aka dig).

AFAIK winodws update et al are based on http, so a firewall that requiries one 
to use the provided HTTP proxy can block its requests (and lots of instant 
messgaing software). You could even use a transparent proxy so nobody notices 
anything until the proxy denies their request.

You can do all the above with a solution like sonic wall (and presuambly their 
competitors' alternatives), linux+iptables, and presumably similar faciltiies 
on other platforms.

I think the advice is to buy or build a seperate firewall, configure it to 
deny anything not desired, and you should be safe. Rerquiring the use of a 
local proxy or name servers just requires blocking outbound requests to the 
appropriate ports from all other hosts. I suspect bugtraq would *not* 
recommend any seperate firewall based on M$ windows, but would recommend using 
the provided firewalling feattures.

-- 
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ