lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <17540.1217048282@turing-police.cc.vt.edu>
Date: Sat, 26 Jul 2008 00:58:02 -0400
From: Valdis.Kletnieks@...edu
To: Paul Schmehl <pschmehl_lists_nada@...rr.com>
Cc: RandallMan <randallm@...mail.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: DNS spoofing issue. Thoughts on

On Fri, 25 Jul 2008 23:16:18 CDT, Paul Schmehl said:

> Just apply the Microsoft patches and you'll be fine.  The patches make the
> attack essentially impossible.

Paul, don't make me take you out back and smack you around. :)

First off - SBC probably doesn't run Windows on the server(s) that they do the
external for RandallMan's site, so the Microsoft patches are going to do
squat-all for that side of the problem.  And RandallMan most certainly *DOES*
need to worry about SBC getting patched - that's the *biggest* threat now, is
mass poisoning of an ISP's DNS servers affecting *all* their customers.

Paul Vixie already pointed out that on an unpatched system, the DNS can get
poisoned in about 11 seconds. And we *also* know that by iteratively trying new bogus
names, the attacker can keep trying over and over till it works or they get
bored. And all the current patches do is make it *harder* to hit.

The attack isn't "impossible", it's more like "1% chance *per hour* that your
IDS doesn't notice and stop the attempts".  Big difference...


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ