DNS Spoofing anyone?
Ok so maybe my blog will get some more hits if i blog about the recent ‘Massive, Coordinated Patch To the DNS Released ‘ as /. named it.
Let me just link to this recent article of the PowerDNS author Bert Hubert in which he reminds us that this recent ‘fix’ for what seems to be an all new issue is not all that new after all.
Come on people, you knew it all the time. There is the query ID which is at best 16 bits and, … well did you really never wonder about that highport BIND reserved?
Alright maybe you haven’t but it seems not all that hard to do:
Actually the very same Dan Kaminsky who is credited with having found this latest issue half a year ago encourages us geeks to go “explore DNS”. “Maybe I missed something” he writes. Well i for one have not yet discovered what he did to get <1s to poison a dns cache but apparently Dan is pretty convinced that someone is going to find out before his Blackhat talk where he wants to spill it.
Comments