[Sysops-list] [SANOG] Re: Fwd: US-CERT Technical Cyber Security Alert TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
Bipin Gautam
bipin.gautam at gmail.com
Thu Jul 10 01:36:15 EDT 2008
On Thu, Jul 10, 2008 at 10:28 AM, Suresh Ramasubramanian
<suresh at hserus.net> wrote:
> Oh, you will get exploits in the wild - but at least, here, there isn't a zero day element thanks to Dan being good enough to patiently contact each affected vendor, reach out to a bunch of DNS operators quietly (in closed / confidential forums etc) several months before this news broke.
>
Suresh, patience :) Wait for a few days..... lol
Currently everyone must be doing a fair... hit and trial on their
favourite boxes, as some level of brute force is required to poison the
cache.
Studying the scenario, if a "worm" is discovered in the wild, I suppose
delaying the DNS cache server response time, from the network.... to say a "few
hundred milliseconds" would be able to temporarily mitigate the attack,
but again only practicable for small ISPs........ till the guys at
the "system" patch it, and hope that before the "source port" of the DNS
response is guessed for poisoning the DNS request (brute-force attack)
would time out! :)
Views? Reviews???
But again, the exploit is a vendor-specific problem; considering it is
flawed from the fundamental design, to some vendors the issue might be
"more crucial" and to others less likely if they already had a fair
pool of "source port" & "DNS transaction ID" randomization.
thanks,
-bipin
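The guessing game the thread is discussing, worked through as an added example (constructed for this page, not code from the thread or from any DNS vendor): a resolver accepts a UDP answer only if its destination port and 16-bit transaction ID match an outstanding query, so a blind spoofer has to cover that space with forged answers before the authentic one arrives. The functions below put numbers on the three knobs in the discussion: whether the source port is fixed or drawn from a pool, how long the race window is, and how fast the attacker can send. The packet rate, window length and port-pool size are assumed illustrative values.

```python
"""Blind DNS cache poisoning as a guessing game: how many forged answers
a spoofer needs, with and without source-port randomization.

Constructed example for this page, not code from the thread.  All rates,
windows and pool sizes are assumed values chosen for illustration."""
import random

TXID_SPACE = 1 << 16            # DNS transaction ID is 16 bits
EPHEMERAL_PORTS = 65535 - 1024  # assumed usable pool when ports are randomized


def resolver_accepts(query, answer):
    """The match a resolver performs on an incoming UDP answer.
    query and answer are (port, txid) tuples; nothing else is secret."""
    return query == answer


def search_space(port_pool):
    """Combinations a blind forger must cover.  port_pool=1 models a
    resolver that sends every query from one fixed source port."""
    return TXID_SPACE * port_pool


def forged_packets_in_window(pps, window_s):
    """Distinct guesses the attacker can land before the authentic answer
    closes a race window of window_s seconds, sending pps packets/s."""
    return int(pps * window_s)


def success_probability(pps, window_s, port_pool):
    """P(one outstanding query gets poisoned), guesses drawn without
    repetition from the (port, txid) space."""
    n = forged_packets_in_window(pps, window_s)
    return min(1.0, n / search_space(port_pool))


def expected_queries_to_poison(pps, window_s, port_pool):
    """Mean number of induced queries until one race is won.  In the
    Kaminsky variant every query is for a fresh random name, so the
    attacker can induce as many races as it likes."""
    p = success_probability(pps, window_s, port_pool)
    return float("inf") if p == 0 else 1.0 / p


def simulate_race(pps, window_s, port_pool, rng):
    """Monte-Carlo check of one race: the resolver picks (port, txid), the
    attacker sprays distinct guesses.  True if any forged answer matched."""
    space = search_space(port_pool)
    n = min(forged_packets_in_window(pps, window_s), space)
    query = (rng.randrange(port_pool), rng.randrange(TXID_SPACE))
    for g in rng.sample(range(space), n):
        guess = (g // TXID_SPACE, g % TXID_SPACE)
        if resolver_accepts(query, guess):
            return True
    return False


if __name__ == "__main__":
    PPS, WINDOW = 50_000, 0.1   # assumed: 50k forged answers/s, 100 ms race
    for label, pool in (("fixed source port", 1),
                        ("randomized source port", EPHEMERAL_PORTS)):
        print(f"{label}: space={search_space(pool):,}, "
              f"p={success_probability(PPS, WINDOW, pool):.2e}, "
              f"expected queries={expected_queries_to_poison(PPS, WINDOW, pool):,.0f}")
    # A longer race window means more guesses per query, hence better odds.
    for w in (0.01, 0.1, 1.0):
        print(f"window {w}s, fixed port: p={success_probability(PPS, w, 1):.3f}")
    rng = random.Random(1)
    wins = sum(simulate_race(PPS, WINDOW, 1, rng) for _ in range(200))
    print(f"simulated wins over 200 races, fixed port: {wins}")
```

With the assumed 50k packets/s and a 100 ms window, a fixed source port leaves a 65,536-entry space and the attacker wins roughly one race in thirteen; drawing the port from the ephemeral range multiplies the space by the pool size, so the same spray covers a vanishingly small fraction of it. The window loop shows the other direction: anything that lets the authentic answer arrive later gives the attacker more guesses per race.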