Date: Sun, 14 Mar 1999 11:59:01 -0500 From: Alan <security@unixpower.org> To: Marc Slemko <marcs@znep.com> Cc: freebsd-security@freebsd.org Subject: Re: bind 8.1.2 cache poisoning Message-ID: <19990314115901.A29122@unixpower.org> In-Reply-To: <Pine.BSF.4.05.9903132231320.15783-100000@alive.znep.com>; from Marc Slemko on Sat, Mar 13, 1999 at 10:53:36PM -0800 References: <Pine.BSF.4.05.9903130520380.7303-100000@leaf.lumiere.net> <Pine.BSF.4.05.9903132231320.15783-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 13, 1999 at 10:53:36PM -0800, Marc Slemko wrote: > On Sat, 13 Mar 1999, Jesse wrote: > > Yup, it can be done. There are three or four programs that I have seen > which do it. > > The way an name server can match a response to a request is by looking > at the query id. This query id is a 16 bit number. If you can guess > that number, you can often spoof a response. > Really, I have only seen 2. > > Hmm? I'm not sure what you are talking about. The root name servers do > not run with recursion enabled making this attack not work against them. > Hmmph.... I admin a box for a friend, and I saw people who had root 'snoof'ing stuff like 'owned.microsoft.com' onto a.root-servers.net. It's really sad when people you think you can trust do things like that. -- | Alan L. * Webmaster of www.UnixPower.org | | Windsor Unix Users Group Founder: http://unix.windsor.on.ca/ | | Personal Page: http://www.unixpower.org/alanp/ | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990314115901.A29122>