Re: DNS weirdness and cox communications

Author: Patrick Fleming, EA
Date:  
To: Main PLUG discussion list
Subject: Re: DNS weirdness and cox communications
I've followed it off and on here:
http://www.doxpara.com/

The gist is that there is not enough "randomization" in DNS ports
(meaning a man-in-the-middle attack could figure out the port + nonce
and beat the real DNS reply) *and* some DNS implementations are too
trusting of results, accepting additional information such as host a.com
returning ns.b.com as an additional reply. If the implementation caches
ns.b.com and you request www.b.com within the TTL, then you could be
directed to a bogus host. At least that is how I understand it.

Dan Lund wrote:
| I need to read about the fix sometime. Is there any "quick
| explanation" aside from reading through securityfocus things? :)
| Thanks,
| Dan Lund
| It is necessary for him who lays out a state and arranges laws for it
| to presuppose that all men are evil and that they are always going to
| act according to the wickedness of their spirits whenever they have
| free scope.
| -Niccolo Machiavelli

| On Thu, Aug 14, 2008 at 8:22 AM, Patrick Fleming, EA <> wrote:
|> The recent DNS fix forcing port randomization can also be a culprit.
| ---------------------------------------------------
| PLUG-discuss mailing list -
| To subscribe, unsubscribe, or to change your mail settings:
| http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

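
The two checks described in the message above, sketched as a simplified resolver model. This is an added example, not part of the original post and not code from any real DNS implementation; RR, Reply, Query, accept and guess_space are hypothetical names, and "zone" is assumed to be the zone the queried server is authoritative for.

```python
# Added illustration: a simplified model of resolver-side reply checks.
# All names (RR, Reply, Query, accept, guess_space) are hypothetical.
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    data: str


@dataclass
class Reply:
    txid: int
    dst_port: int
    question: str
    answers: list
    additional: list = field(default_factory=list)


class Query:
    """Outstanding query with a random 16-bit ID and a random source port."""
    def __init__(self, qname, zone):
        self.qname, self.zone = qname, zone  # zone: assumed authority of the queried server
        self.txid = secrets.randbelow(1 << 16)
        self.src_port = 1024 + secrets.randbelow(65536 - 1024)


def in_bailiwick(name, zone):
    """True only if name is the zone itself or a subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def accept(query, reply):
    """Return the records safe to cache, or None if the reply does not match the query."""
    expected = (query.txid, query.src_port, query.qname.lower())
    if (reply.txid, reply.dst_port, reply.question.lower()) != expected:
        return None
    return [rr for rr in reply.answers + reply.additional
            if in_bailiwick(rr.name, query.zone)]


def guess_space(port_count):
    """Number of (ID, port) pairs a blind forger must cover."""
    return (1 << 16) * port_count
```

With a single fixed source port, guess_space(1) is 65536; with the 64512 ports used here it is 4227858432, and the ns.b.com record attached to a reply for www.a.com is dropped before it can be cached.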