[dns-operations] Description of the "Kashpureff-style DNS cache corruption attack"
Peter Dambier
peter at peter-dambier.de
Sun Nov 26 21:33:39 UTC 2006
Florian Weimer wrote:
> * Peter Dambier:
>
>
>>The real attack is a little bit more elaborated but the trick is:
>>
>>Ask for a domain where you control the nameservers and return
>>glue records for a domain you are not really authoritative for.
>
>
> I've figured out that much (and I've seen quite a few of the
> "attacks", which looked more like a configuration shortcuts to me).
>
> But I don't see how BIND 9 in forward-only mode would care about glue.
> Even if the resolver has got a wrong view of who's authoritative for
> what, it shouldn't matter because all queries are sent through the
> forwarders. And they should know what they are doing.
It is the outside resolver that I would be careful about.
I am very fond with BIND 9.4.0b2 and I shall be trying b4 soon.
I have seen BIND 9 only caching things I queried for. No, I
dont think it is interested in the glue.
Kind regards
Peter and Karin
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
More information about the dns-operations
mailing list