Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] DNS spoofing issue. Thoughts on

from [imipak] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] DNS spoofing issue. Thoughts on
Date: Sat, 26 Jul 2008 20:34:36 +0100 
Hi Paul,



The attack isn't "impossible", it's more like "1% chance *per hour* that
your IDS doesn't notice and stop the attempts".  Big difference...



The information that I have says it's statistically impossible *if*
you are patched.




It's not statistically impossible; it just takes 2^16 times longer.
And as Joe Greco observed on NANOG:


But realizing that going from 11 seconds to (11 * 64512 =) 8.21 days is
not a significant jump from the PoV of an attacker would certainly have
factored into my decision-making process.


http://readlist.com/lists/trapdoor.merit.edu/nanog/7/37358.html


IDS of various flavours (from the straightforward cache-monitoring
script posted yesterday, to Snort or the latest "Enterprise Intrusion
Prevention solution" changes the odds somewhat, but this is what is
meant when people say DNSSEC is the only solution (on the table today,
anyway) to the fundamental problem.


=i

-- 
make way for history
flickering like a long-lost memory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Media backlash begins against HD Moore and I)ruid, n3td3v
Next by Date:  Re: [Full-disclosure] DNS spoofing issue. Thoughts on, n3td3v
Previous by Thread:  [Full-disclosure] Media backlash begins against HD Moore and I)ruid, n3td3v
Next by Thread:  Re: [Full-disclosure] DNS spoofing issue. Thoughts on, n3td3v
Indexes:  [Date] [Thread] [Top] [All Lists]