Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

from [Jamie Riden] Network Security [Permanent Link]
Subject: Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
Date: Tue, 24 Jul 2007 21:18:47 +0100 
On 24 Jul 2007 17:40:35 -0000, securityfocus@networkontap.com
<securityfocus@networkontap.com> wrote:

I don't exactly see how this is new "News" since Zalewski's paper on TCP 
sequence number analysis (which included analysis of versions of BIND):

http://lcamtuf.coredump.cx/newtcp/ 

That article does not deal with attacks on BIND's PRNG.

As far as I can tell, Joe Stewart extended Zalewski's TCP sequence
number analysis to BIND's transaction IDs - however I don't think
Stewart's paper "DNS Cache Poisoning – The Next Generation" (
www.lurhq.com/dnscache.pdf ) goes as far as the recent BIND advisory
here - http://www.isc.org/sw/bind/bind-security.php:

"The DNS query id generation is vulnerable to cryptographic analysis
which provides a 1 in 8 chance of guessing the next query id for 50%
of the query ids. This can be used to perform cache poisoning by an
attacker."

I don't think that Amit's attack has been described before.

cheers,
Jamie
--
Jamie Riden / jamesr@europe.com / jamie@honeynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  PHPSysInfo Index.php Cross Site Scripting, DoZ
Next by Date:  [Full-disclosure] rPSA-2007-0149-1 bind bind-utils, rPath Update Announcements
Previous by Thread:  Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer), Amit Klein
Next by Thread:  Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer), Theo de Raadt
Indexes:  [Date] [Thread] [Top] [All Lists]