[dns-operations] first (lab) spoof of a fully source port randomised server reported
Ray.Bellis at nominet.org.uk
Ray.Bellis at nominet.org.uk
Fri Aug 8 16:45:56 UTC 2008
> http://tservice.net.ru/~s0mbre/blog/devel/networking/dns/2008_08_08.html
>
> "Attack took about half of the day, i.e. a bit less than 10 hours.
> So, if you have a GigE lan, any trojaned machine can poison your DNS
during
> one night... "
I note that their figures (130k requests, 40k-50k fake replies per
request) suggest a minimum of 5.2e9 fake replies were sent.
As I understand it, that's over twice as many requests as should *on
average* be needed to spoof a system with 32 bits of entropy (i.e. 2.0e9).
Ray
--
Ray Bellis, MA(Oxon)
Senior Researcher in Advanced Projects, Nominet
e: ray at nominet.org.uk, t: +44 1865 332211
More information about the dns-operations
mailing list