[wuug-list] Dan Kaminsky's DNS Vulnerability

Matt Draisey matt at draisey.ca
Sat Aug 16 16:33:27 EDT 2008


So the vulnerability is public now and can be discussed freely.  I'm not
terribly impressed with the new-found urgency.  DNS was always easily
spoofed as it only had a single 16-bit random number as the transaction
id to authenticate the packet.  It has always been easy to know when DNS
requests are going out so spoofing a UDP packet has always had a 1 in
65536 chance of succeeding if source port randomization wasn't being
used.  One in 65536 was already pretty good if you were a crook given
that packets are so cheap.

Further defences against the specific attack look pretty
straightforward.  Just being more picky about when glue records are
accepted and used should solve all the problems that I can see.

http://www.doxpara.com/

http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

I put up a blog entry about it.  http://blog.free.draisey.ca  (I know, I
know, my blog sucks)

I've always thought of the internet as an unreliable medium.  It alarms
me that people do banking online.  SSL is useless.

Matt
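An added example, not part of Matt's post or of any resolver's code: a minimal Python response filter in the spirit of "being more picky". It drops replies whose transaction id, destination port or question do not match the outstanding query, and accepts glue only for names that are both inside the bailiwick of the zone being asked about and named by an NS record in the same reply. All names, ports and records below are constructed for illustration.

```python
from dataclasses import dataclass, field

def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies below it (case-insensitive)."""
    n = name.lower().rstrip(".") + "."
    z = zone.lower().rstrip(".") + "."
    return z == "." or n == z or n.endswith("." + z)

@dataclass
class Query:
    txid: int       # 16-bit transaction id chosen by the resolver
    src_port: int   # UDP source port the query left on (randomized or not)
    qname: str
    qtype: str

@dataclass
class Response:
    txid: int
    dst_port: int   # UDP port the reply is addressed to
    qname: str
    qtype: str
    answers: list = field(default_factory=list)     # (name, type, rdata)
    authority: list = field(default_factory=list)   # (zone, "NS", nsname)
    additional: list = field(default_factory=list)  # glue: (name, "A", ip)

def accept_response(q: Query, r: Response, zone: str):
    """Return (answers, accepted_glue) or None if the reply must be dropped.

    `zone` is the bailiwick of the server that was asked (a constructed
    parameter here; a real resolver tracks it per delegation).
    """
    # A reply that does not match the outstanding query is discarded outright.
    if r.txid != q.txid or r.dst_port != q.src_port:
        return None
    if (r.qname.lower(), r.qtype) != (q.qname.lower(), q.qtype):
        return None
    # Glue is used only for nameservers this very reply delegates to, and
    # only when those names fall inside the zone the server speaks for.
    referenced = {ns.lower() for (_, rtype, ns) in r.authority if rtype == "NS"}
    glue = [rr for rr in r.additional
            if rr[0].lower() in referenced and in_bailiwick(rr[0], zone)]
    return r.answers, glue
```

Out-of-bailiwick glue (such as an address for a nameserver in another zone) is not rejected as a lie, it is simply not cached from this reply; the resolver looks it up separately.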