lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1218097530.312.3.camel@b4byl0n>
Date: Thu, 7 Aug 2008 10:25:30 +0200
From: Bernhard Mueller <research@...-consult.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>, Bugtraq
	<bugtraq@...urityfocus.com>
Subject: Whitepaper: DNS zone redelegation

Newly emerging techniques of DNS cache poisoning have caused quite a
stir recently, prompting security researchers to speculate on the nature
of the issue, and naturally inducing press stunts by some individuals,
including "accidential" information leaks and hasty exploit releases.
Many other, more relaxed researchers, who had figured out the attack and
had coded working exploits within a few hours (which, by the way, was
incredibly easy to do, knowing that an undocumented attack actually
existed), decided to coordinate with Dan Kaminsky, who had organized a
huge multi-vendor security patch, and withhold information for the
proposed 30 days.

SEC Consult's researchers were among the first to write a working "fast
cache poisoning" exploit, details of which will now be published in a
whitepaper, which also includes some calculations on the reliability of
the attack.

The paper details a way of making DNS cache poisoning / response
spoofing attacks more reliable. A caching server will store any NS
delegation RRs if it receives a delegation which is "closer" to the
answer than the nameservers it already knows. By spoofing replies that
contain a delegation for a single node, the nameserver will eventually
cache the delegation when we hit the right transfer id.

http://www.sec-consult.com/whitepapers_e.html


Regards,

Bernhard

-- 
_________________________________________

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17
phone     +43 1 8903043 34
fax       +43 1 8903043 15
mobile    +43 676 840301 718
email     b.mueller@...-consult.com

Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ