DNS weirdness and cox communications

Patrick Fleming, EA plug at rwcinc.net
Thu Aug 14 20:22:26 MST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've followed it off and on here:
http://www.doxpara.com/

The gist is that there is not enough "randomization" in DNS ports
(meaning a man in the middle attack could figure out the port + nonce
and beat the real DNS reply) *and* some DNS implementations are too
trusting of results accepting additional information such as host a.com
returning ns.b.com as an additional reply. If the implementation caches
ns.b.com and you request www.b.com within the TTL then you could be
directed to a bogus host. At least that is how I understand it.

Dan Lund wrote:
| I need to read about the fix sometime.  Is there any "quick
| explanation" aside from reading through securityfocus things? :)
| Thanks,
| Dan Lund
| It is necessary for him who lays out a state and arranges laws for it
| to presuppose that all men are evil and that they are always going to
| act according to the wickedness of their spirits whenever they have
| free scope.
| -Niccolo Machiavelli
|
|
|
| On Thu, Aug 14, 2008 at 8:22 AM, Patrick Fleming, EA <plug at rwcinc.net> wrote:
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> The recent DNS fix forcing port randomization can also be a culprit.
| ---------------------------------------------------
| PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
| To subscribe, unsubscribe, or to change your mail settings:
| http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkik9nIACgkQIFnqWH4u/3Pf4gCeKzM82Kh4JZciOgSp9SLvlzyx
jycAmwVWLmwFrlidfXnQGCpcBwQ0Y6y5
=YnAp
-----END PGP SIGNATURE-----
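
The two weaknesses the message describes (too little entropy in the query a forged reply must match, and caches accepting additional records for names outside the zone they asked about) can each be illustrated from the resolver's side. The following Python is an added example written for this archive page; it is not code from the original message, the thread, or any resolver. It works on already-parsed records and constructed port samples (no network I/O), and the "poor"/"good" thresholds in `port_randomness` are illustrative assumptions, not a standard.

```python
"""Resolver-side checks for the DNS cache-poisoning problem discussed above:
1. forged_reply_match_probability: why source-port randomisation matters.
2. in_bailiwick / filter_additional: dropping out-of-zone additional records
   (the "a.com answer carrying ns.b.com" case).
3. port_randomness: a rough look at whether outbound ports look random.
All sample data below is constructed for the example.
"""
from __future__ import annotations


def forged_reply_match_probability(txid_bits: int = 16, port_bits: int = 0) -> float:
    """Chance that one blind forged reply matches a pending query.
    A 16-bit transaction ID alone gives 1 in 65536; adding ~16 bits of
    source-port entropy pushes that to roughly 1 in 4 billion per packet."""
    return 1.0 / 2 ** (txid_bits + port_bits)


def labels(name: str) -> list[str]:
    """Normalise a DNS name into lower-case labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def in_bailiwick(record_name: str, zone: str) -> bool:
    """True if record_name is the zone itself or lies beneath it.
    The comparison is label-wise, so 'nota.com' is NOT under 'a.com'."""
    r, z = labels(record_name), labels(zone)
    return len(r) >= len(z) and r[len(r) - len(z):] == z


def filter_additional(zone: str, additional: list[dict]) -> tuple[list[dict], list[dict]]:
    """Split an additional section into records the cache may keep and
    records it must discard because their owner name is outside the zone
    the query was sent for."""
    accepted, dropped = [], []
    for rr in additional:
        (accepted if in_bailiwick(rr["name"], zone) else dropped).append(rr)
    return accepted, dropped


def port_randomness(ports: list[int]) -> dict:
    """Summarise a sample of observed source ports.  Few distinct values,
    a narrow range, or mostly consecutive values all suggest a resolver
    (or a NAT in front of it) that is not randomising.  Thresholds are
    illustrative assumptions chosen for this example."""
    steps = [abs(b - a) for a, b in zip(ports, ports[1:])]
    near_sequential = (sum(1 for s in steps if s <= 2) / len(steps)) if steps else 0.0
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    poor = distinct < 0.9 * len(ports) or spread < 1024 or near_sequential > 0.5
    return {"distinct": distinct, "spread": spread,
            "near_sequential": near_sequential, "verdict": "poor" if poor else "good"}


# Constructed sample: a reply for a query in the a.com zone whose additional
# section also carries an address for ns.b.com (the poisoning vector above).
SAMPLE_ADDITIONAL = [
    {"name": "ns1.a.com.", "type": "A", "ttl": 3600, "data": "192.0.2.10"},
    {"name": "ns.b.com.", "type": "A", "ttl": 86400, "data": "198.51.100.7"},
]

# Constructed port samples: one resolver counting up, one spreading out.
SEQUENTIAL_PORTS = list(range(1025, 1035))
RANDOM_PORTS = [53211, 2049, 40012, 61337, 7781, 33902, 15540, 58894, 27719, 49001]

if __name__ == "__main__":
    print("TXID only:", forged_reply_match_probability(16, 0))
    print("TXID + port:", forged_reply_match_probability(16, 16))
    kept, dropped = filter_additional("a.com", SAMPLE_ADDITIONAL)
    print("kept:", [rr["name"] for rr in kept], "dropped:", [rr["name"] for rr in dropped])
    print("sequential sample:", port_randomness(SEQUENTIAL_PORTS)["verdict"])
    print("random sample:", port_randomness(RANDOM_PORTS)["verdict"])
```

Running the module drops `ns.b.com.` from the a.com reply while keeping the in-zone glue, and flags the counting-up port sample as poor and the spread-out one as good. Real resolvers apply the bailiwick rule to both the authority and additional sections, and a port sample for a production resolver should come from packet captures or a public port-randomness test rather than a hand-built list.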

