Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] DNS spoofing issue. Thoughts on

from [Glenn.Everhart] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] DNS spoofing issue. Thoughts on
Date: Sun, 27 Jul 2008 14:07:03 -0400 
1% per hour for each target. Lots of targets.

The need for something more like ssl certs in there remains. (Also needed for
bgp I suspect). By extension, some "web of trust" variation of CERTs would
make much of this easier for those not interested in or able to pay for
certs from commercial suppliers.


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk]On Behalf Of
Valdis.Kletnieks@vt.edu
Sent: Saturday, July 26, 2008 12:58 AM
To: Paul Schmehl
Cc: RandallMan; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] DNS spoofing issue. Thoughts on


On Fri, 25 Jul 2008 23:16:18 CDT, Paul Schmehl said:


Just apply the Microsoft patches and you'll be fine.  The patches make the
attack essentially impossible.


Paul, don't make me take you out back and smack you around. :)

First off - SBC probably doesn't run Windows on the server(s) that they do the
external for RandallMan's site, so the Microsoft patches are going to do
squat-all for that side of the problem.  And RandallMan most certainly *DOES*
need to worry about SBC getting patched - that's the *biggest* threat now, is
mass poisoning of an ISP's DNS servers affecting *all* their customers.

Paul Vixie already pointed out that on an unpatched system, the DNS can get
poisoned in about 11 seconds. And we *also* know that by iteratively trying new 
bogus
names, the attacker can keep trying over and over till it works or they get
bored. And all the current patches do is make it *harder* to hit.

The attack isn't "impossible", it's more like "1% chance *per hour* that your
IDS doesn't notice and stop the attempts".  Big difference...


-----------------------------------------
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law.  If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED.  Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
 If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Dan Kaminsky Disclosure Methodology + Super Critical vulnerability disclosure in Windows, Robert Holgstad
Next by Date:  [Full-disclosure] [ MDVSA-2008:155-1 ] - Updated Thunderbird packages fix multiple vulnerabilities, security
Previous by Thread:  Re: [Full-disclosure] DNS spoofing issue. Thoughts on, Valdis . Kletnieks
Next by Thread:  Re: [Full-disclosure] DNS spoofing issue. Thoughts on, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]