DNS cache poisoning

Jul 24, 2008 02:03

So, the cat is out of the bag. The DNS theoretical flaw is now real, with exploit code written. It currently takes a couple minutes, but it can be changed to take a few seconds. It has to do with sloppy reception of RR records really. I wrote a bit of code today to try to get it to accept an alternate address, and I came pretty close. But not bad for 5 minutes in Perl. Just had to get the tuning a little tighter. And that was just based off what leaked earlier today. Some guy broke it wide open though.

Anyway, long and short: Patch. If you have updates on desktops, install them. If you have updates on your NAT device, install them. If you have updates on your servers, get them in. DNS is the start of trust within some parts of the modern web, and with the right ripple attack, we're looking at a worm that could exploit the crap out of a ton of machines. Convince a bunch of machines they're microsoft.com, push some code automatically, wheeeeee...

INSTALL YOUR UPDATES!