lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C6AF3ECACA6E9A46A2CB2FABCDCB35C40CE9AEDE@swilnts810.wil.fusa.com>
Date: Sat, 12 Jul 2008 13:59:14 -0400
From: <Glenn.Everhart@...se.com>
To: <xploitable@...il.com>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: DNS flaw fixing causes surge in DNS traffic

The kind of thing being talked about should be perhaps viewed in terms of
other work Dan has done. An exploit that alters DNS and is combined with
turning corporate browsers into gateways is perfectly feasible and would
in effect make most corporate gateways into pieces of wire. All the pieces
are pretty much out there already, available to any of us who have grabbed
them over the years. An exploit that also combines research into being
able to scan loads of systems at once could be useful, even where the chance
of success on a single site got down in the few percent range, in compromising
substantial numbers of systems. Since DNS resolution is distributed, this could
mean substantial sections of DNS resolution might be compromised at once,
so that for example if you wanted to resolve mumble.foo.com, whereas perhaps
the root DNS systems might get foo.com right, the foo.com resolver would give
out evil-cracker.something's IP address instead of the real mumble.foo.com.

Let this happen widely enough and chaos ensues. It need not only be for
the denizens of foo.com, but could affect many others. 

Three orders of magnitude (or more) speedup of common processors makes quite
a difference here. Remember we are using protocols designed when 56KB was the
arpanet BACKBONE speed and was considered blindingly fast, and when computers
with cycle times of 1 megahertz were common and considered reasonable performers.

Back then, guessing 65K of something was not as trivial as now...and I rather suspect
with a few recursive routing tricks enough sensing can be devised to cut that
down, possibly with the birthday paradox, even attacking one site. But when
was the last time Dan K. did an app that attacked only one? Attack 65000 at a
time and the birthday paradox wins for the attacker bigtime.

Mind I have no inside information about Dan's plans, but I read now and then.. :-)

Glenn Everhart


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of n3td3v
Sent: Friday, July 11, 2008 6:30 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] DNS flaw fixing causes surge in DNS
traffic


On Fri, Jul 11, 2008 at 10:54 PM, Supranamaya Ranjan <soups@...us.com> wrote:
> Hi,
>
>
>
> I noticed an interesting side-effect of the co-ordinated DNS patching after
> the news broke out on Tues July 8th. Some DNS servers started seeing more
> than normal amount of query traffic, most likely due to the fact that the
> patched DNS clients and resolvers had their caches reset and hence had to
> resolve new domains. More interestingly, all these clients began their new
> DNS resolutions around the same time. For more details please read the blog
> article at:
>
>
>
> http://www.narus.com/blog/2008/07/10/dns-fix-causes-huge-surge-in-dns-traffic-in-the-internet/
>
>
>
> Thanks,
>
> Soups Ranjan
>

Stop adding to the media over hype FFS, its a gay bug being used to
market Blackhat security conference, think about the timing of the
announcement and media over hype carnage and say to yourself "Why
now?".

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----------------------------------------
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law.  If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED.  Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
 If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ