Date:      Sun, 14 Mar 1999 11:59:01 -0500
From:      Alan <security@unixpower.org>
To:        Marc Slemko <marcs@znep.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: bind 8.1.2 cache poisoning
Message-ID:  <19990314115901.A29122@unixpower.org>
In-Reply-To: <Pine.BSF.4.05.9903132231320.15783-100000@alive.znep.com>; from Marc Slemko on Sat, Mar 13, 1999 at 10:53:36PM -0800
References:  <Pine.BSF.4.05.9903130520380.7303-100000@leaf.lumiere.net> <Pine.BSF.4.05.9903132231320.15783-100000@alive.znep.com>

On Sat, Mar 13, 1999 at 10:53:36PM -0800, Marc Slemko wrote:
> On Sat, 13 Mar 1999, Jesse wrote:
> 
> Yup, it can be done.  There are three or four programs that I have seen
> which do it.
> 
> The way a name server can match a response to a request is by looking
> at the query id.  This query id is a 16 bit number.  If you can guess
> that number, you can often spoof a response.
>

Really, I have only seen 2.
 
> 
> Hmm?  I'm not sure what you are talking about.  The root name servers do
> not run with recursion enabled making this attack not work against them.
> 

Hmmph....  I admin a box for a friend, and I saw people who had root
'snoof'ing stuff like 'owned.microsoft.com' onto a.root-servers.net.  It's
really sad when people you think you can trust do things like that.

-- 
|           Alan L. * Webmaster of www.UnixPower.org           |
| Windsor Unix Users Group Founder: http://unix.windsor.on.ca/ |
|       Personal Page:  http://www.unixpower.org/alanp/        |
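
Added example, not part of the original message and not BIND code: a detection sketch for the query-id matching quoted above, counting responses whose 16-bit id does not match the outstanding query for the same name. The names parse_dns, build, find_id_guessing, the threshold of 3 and the example.com traffic are all hypothetical and constructed here.

```python
import struct
from collections import Counter

def parse_dns(msg):
    """Return (query_id, is_response, qname) for a one-question DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("bad label in question name")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    return qid, bool(flags & 0x8000), ".".join(labels)   # 0x8000 = QR bit

def build(qid, qname, response):
    """Build a minimal message; used only to construct the sample below."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)   # type A, class IN

def find_id_guessing(messages, threshold=3):
    """Names that drew at least `threshold` responses with a non-matching id."""
    pending, wrong = {}, Counter()   # assumption: keyed on name only
    for raw in messages:
        qid, is_response, qname = parse_dns(raw)
        if not is_response:
            pending[qname] = qid          # remember the outstanding query id
        elif pending.get(qname) == qid:
            del pending[qname]            # matching id: accepted, query closed
        else:
            wrong[qname] += 1             # wrong id or no query outstanding
    return {name: n for name, n in wrong.items() if n >= threshold}

# Constructed sample: one query answered only after four wrong-id responses,
# and one ordinary query/response pair.
SAMPLE = ([build(0x1A2B, "www.example.com", False)]
          + [build(i, "www.example.com", True) for i in range(0x1000, 0x1004)]
          + [build(0x1A2B, "www.example.com", True),
             build(0x0042, "ftp.example.com", False),
             build(0x0042, "ftp.example.com", True)])

if __name__ == "__main__":
    print(find_id_guessing(SAMPLE))
```

A production monitor would also key on the server address and port the query was sent to; this sketch keys on the name alone to keep the id check visible.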

