Message Boards » Tech Talk » Big DNS vulnerability
tsnww
Veteran
262 Posts

For those of you that may run DNS servers...

http://www.us-cert.gov/cas/techalerts/TA08-190B.html

7/9/2008 12:15:18 AM

evan
All American
27701 Posts

[old]

this has been around for a while...

7/9/2008 1:46:44 AM

llama
All American
841 Posts

looks pretty new to me

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447

7/9/2008 8:01:52 AM

evan
All American
27701 Posts

I was talking about cache poisoning

it's been around since the pyramids were built

7/9/2008 8:03:17 AM

scud
All American
10804 Posts

evan: what's impressive here is the extremely coordinated response to attack it across all platforms at the same time.

but yeah, I was using cache poisoning a decade ago to spoof my hostname on IRC servers.

7/9/2008 8:11:23 AM

mellocj
All American
1872 Posts

I've been reading up on this... basically Dan Kaminsky has "found" some new method of poisoning DNS cache and has not released the details to the public. He was able to get Cisco, Microsoft, ISC and others involved to do patches to mitigate the issue.

The details are supposed to be released at a talk he is doing in early August.

7/9/2008 8:14:28 AM

bous
All American
11215 Posts

<3 people that find shit wrong and the vendors work with them to fix it before they release it.

7/9/2008 9:42:33 AM

drhavoc
All American
3759 Posts

Having known Dan personally for some years, and having been contacted by DHS back in mid-May about this, I can share some of the details.

What I can spell out presently is that Dan has found a way to take a single UDP packet and rewrite A records in any DNS server that accepts UDP requests due to weaknesses in entropy and the 16-bit nonce.

The original notice was supposed to have been released on June 10th, but Microsoft (one of Dan's current employers), out of all the vendors missed the patch deadline so it was pushed off until yesterday.

If you're not familiar with Dan's work, I think he still has his website up at http://www.doxpara.com, but he is not planning to release the proto-code until BlackHat.

The running joke about Dan is that he was dropped on his head as a kid and just sees things VERY differently from everyone. It was explained to me along the same lines as "seeing the arrow in the FedEx truck".

[Edited on July 9, 2008 at 10:16 AM. Reason : ]

7/9/2008 10:14:31 AM
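The weakness drhavoc describes above (a 16-bit transaction id as the only secret, sent from a fixed source port) is what the July 2008 patches addressed by randomizing the resolver's source port. As an added example, not code from anyone in this thread, here is a Python check that scores (transaction id, source port) pairs captured from a resolver's outbound queries; both data sets are constructed, not real captures.

```python
import random


def assess_randomization(samples):
    """Score (transaction id, source port) pairs observed in a resolver's
    outbound queries and return the findings plus a POOR/GOOD verdict.

    Ids that advance by a constant step are a counter, not a nonce, so they
    contribute no secrecy; a single source port adds nothing on top of the
    16-bit id. Port bits are a lower bound capped by the sample size.
    """
    txids = [t for t, _ in samples]
    ports = [p for _, p in samples]
    steps = {(b - a) & 0xFFFF for a, b in zip(txids, txids[1:])}
    txid_predictable = len(steps) <= 1            # also true for < 2 samples
    distinct_ports = len(set(ports))
    port_fixed = distinct_ports == 1
    id_bits = 0 if txid_predictable else 16
    port_bits = (distinct_ports - 1).bit_length()  # ~log2(ports seen)
    effective_bits = id_bits + port_bits
    verdict = "POOR" if (txid_predictable or port_fixed) else "GOOD"
    return {
        "txid_predictable": txid_predictable,
        "port_fixed": port_fixed,
        "distinct_ports": distinct_ports,
        "effective_bits": effective_bits,
        "verdict": verdict,
    }


def unpatched_sample():
    """Constructed: sequential ids, every query from the same source port."""
    return [(0x1000 + i, 53) for i in range(32)]


def patched_sample():
    """Constructed with a fixed seed: random ids and random high ports."""
    rng = random.Random(2008)
    return [(rng.randrange(0x10000), rng.randrange(1024, 0x10000))
            for _ in range(200)]


if __name__ == "__main__":
    for name, data in (("unpatched", unpatched_sample()),
                       ("patched", patched_sample())):
        print(name, assess_randomization(data))
```

On real traffic the pairs would come from a packet capture of the resolver's queries to authoritative servers; a fixed port or a counting id is the pre-patch behaviour the advisory warns about.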

evan
All American
27701 Posts

Quote :
"What I can spell out presently is that Dan has found a way to take a single UDP packet and rewrite A records in any DNS server that accepts UDP requests due to weaknesses in entropy and the 16-bit nonce."

ok, yeah, that's just a SMALL problem.

7/9/2008 10:31:11 AM

Prospero
All American
11662 Posts

3-years old:
http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/

7/9/2008 6:00:11 PM

mellocj
All American
1872 Posts

^ Maybe, maybe not. I listened to an interview with Dan Kaminsky and he says that the exploit is not that obvious, and that the patching is only a way to circumvent the problem without revealing what the exploit is.

If the "new" exploit was really this old exploit, then I'm surprised he was able to get all of these companies on board with releasing patches quickly.

7/9/2008 7:13:42 PM

ScHpEnXeL
Suspended
32613 Posts

so how much does someone get paid for finding shit like this and saving the internetz

7/9/2008 8:39:04 PM

drhavoc
All American
3759 Posts

Dan doesn't get paid anything for his own research. He does it for the love of research, seriously.

The vulnerability is not that obvious and it's not the one being mentioned as "old" in here. Beyond patching, the implementation of DNSSEC is the only way to truly fix it.

It's not as if the patch was extremely quick. Maybe by comparison, but the process was nearly 4 months in the works.

7/9/2008 8:55:12 PM

mellocj
All American
1872 Posts

^ having your name in hundreds if not thousands of articles as being the one to uncover this new exploit certainly is worth more than someone paying you for the time it took you though. I'm sure he does consulting and this will make his name a lot more valuable.

7/9/2008 10:30:11 PM

drhavoc
All American
3759 Posts

Without a doubt!

IOActive, DoxPara and Microsoft are only 3 of his gigs.

He's one smart cookie.

7/10/2008 1:33:07 PM
