bind9 is the most prolific DNS server application. It attempts to fill DNS requests.

On Sun, Jan 18, 2009 at 5:20 PM, bmike1 wrote:
> bind9 is a distribution? let's talk about it.... what is it about? what
> niche does it attempt to fill; does it do so successfully?
>
> On Sun, Jan 18, 2009 at 6:40 PM, Lisa Kachold wrote:
>
>> Catch the *Patch Procrastinators Recovery Group*
>> Saturday UAT.EDU Noon until 3PM February 7th
>>
>> Various important patches have only recently been released for various
>> distros including Bind9, OpenSSL, cups & NTP for Ubuntu; Redhat5 Avahi (FC
>> 10) and SquirrelMail.
>>
>> So we will demonstrate exploits available for these issues:
>>
>> 1) OpenSSL: (Using Debian)
>> http://www.metasploit.com/users/hdm/tools/debian-openssl/
>> Brute Forcing Tools Include:
>> http://www.milw0rm.com/exploits/5622
>>
>> http://metasploit.com/users/hdm/tools/debian-openssl/debian_openssh_key_tester.rb
>>
>> OpenSSL: Examples will also apply to the recent issues with OpenSSL:
>>
>> Several functions inside OpenSSL incorrectly checked the result after
>> calling the EVP_VerifyFinal function, allowing a malformed signature
>> to be treated as a good signature rather than as an error. The issue
>> affected the signature checks on DSA and ECDSA keys used with
>> SSL/TLS for various mail systems and DNS systems built upon OpenSSL also.
>>
>> We will show an easy 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain
>> to a vulnerable client, bypassing validation and segue into a discussion of the MD5 Verisign cert issues.
>>
>>
>> 2) NTP Spoofing: (Using Debian) NTP Spoofing has been a staple of DoS and
>> remote root exploits since the 1990's. Usually NTP is selectively allowed
>> to egress DMZ via stateful packet inspection (that will catch spoofed
>> packets) via source and destination (or served via internal NTP daemons).
>> It's common to spoof the NTP servers while sending exploitive packets.
>> A new issue has been identified:
>>
>> http://www.debian.org/security/2009/dsa-1702
>>
>> A simple exploit using netcat will be demonstrated:
>> http://cybexin.blogspot.com/2009/01/introduction-to-netcat.html
>>
>> 3) Overview of BeEF:
>> http://www.bindshell.net/tools/beef
>>
>> We will also look at forensic image from the November Hackfest and discuss
>> ways to protect (arp, VPN/VLAN, Switches, SELINUX) from the inevitable
>> pwnership in a production or users system.
>>
>> We will not discuss squirrelmail, since it's only an XSS issue (similar to
>> 9 out of 10 running versions of Apache httpd). We will not discuss Bind9
>> because it also relates to the OpenSSL malformed signature. Other PRNG type
>> entropy issues with SSL exist, just waiting to be popularized, so we will
>> wait for the industry to continue to ignore this and other issues inherent
>> in various protocols.
>>
>> Catch us on FreeNode IRC #PLUGLABS
>>
>> www.Obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
>> PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
> --
> :-)~MIKE~(-:

--
Thanks and best regards,
Ryan Rix
TamsPalm - The PalmOS Blog
(623)-239-1103 <-- Grand Central, baby!

Jasmine Bowden - Class of 2009, Marc Rasmussen - Class of 2008, Erica Sheffey - Class of 2009, Rest in peace.
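
An added example, not part of the thread and not OpenSSL code: the return-value mistake described in the quoted announcement, next to the strict check that avoids it. EVP_VerifyFinal returns 1 for a correct signature, 0 for an incorrect one and -1 for other errors; `toy_verify_final`, its one-length-byte signature format and the sample buffers are constructed stand-ins with the same three-way result.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with EVP_VerifyFinal's result convention:
 * 1 = correct, 0 = incorrect, -1 = other error (here: malformed encoding).
 * Toy format (assumption): one length byte, then that many digest bytes. */
static int toy_verify_final(const unsigned char *sig, size_t sig_len,
                            const unsigned char *dig, size_t dig_len)
{
    if (sig_len < 1 || (size_t)sig[0] != sig_len - 1)
        return -1;                       /* length byte disagrees with buffer */
    if (sig[0] != dig_len || memcmp(sig + 1, dig, dig_len) != 0)
        return 0;                        /* well-formed, wrong value */
    return 1;
}

/* Flawed caller: treats only 0 as failure, so -1 passes as "good". */
int accept_flawed(const unsigned char *sig, size_t sig_len,
                  const unsigned char *dig, size_t dig_len)
{
    if (!toy_verify_final(sig, sig_len, dig, dig_len))
        return 0;
    return 1;
}

/* Hardened caller: accepts nothing but an explicit 1. */
int accept_strict(const unsigned char *sig, size_t sig_len,
                  const unsigned char *dig, size_t dig_len)
{
    return toy_verify_final(sig, sig_len, dig, dig_len) == 1;
}

/* Constructed sample inputs. */
static const unsigned char DIGEST[4]        = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char SIG_GOOD[5]      = {4, 0xde, 0xad, 0xbe, 0xef};
static const unsigned char SIG_WRONG[5]     = {4, 0x00, 0x00, 0x00, 0x00};
static const unsigned char SIG_MALFORMED[3] = {9, 0xde, 0xad};

int main(void)
{
    printf("good:      flawed=%d strict=%d\n",
           accept_flawed(SIG_GOOD, 5, DIGEST, 4), accept_strict(SIG_GOOD, 5, DIGEST, 4));
    printf("wrong:     flawed=%d strict=%d\n",
           accept_flawed(SIG_WRONG, 5, DIGEST, 4), accept_strict(SIG_WRONG, 5, DIGEST, 4));
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(SIG_MALFORMED, 3, DIGEST, 4), accept_strict(SIG_MALFORMED, 3, DIGEST, 4));
    return 0;
}
```

When auditing code built on OpenSSL, the pattern to look for is any verify result tested with `!ret` or `ret != 0` instead of an explicit comparison against 1.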