[dns-operations] DNS issue accidentally leaked?
nohl at virginia.edu
Tue Jul 22 15:26:53 UTC 2008
Alperovitch, Dmitri wrote:
> How is this attack really different from the birthday attack described by
> Joe Stewart and others in 2002? Perhaps a slide variation on it but I
> wouldn't call it earthshakingly new...
The difference is its use of additional RR records. The request is for
some arbitrary sub domain like 12345.google.com, but your spoofed
response also includes the record for www.google.com
The attack is much more powerful than other DNS poisoning techniques
because you can creates a large number of open requests, each of which
lets you modify the mapping for www.google.com if you correctly guess
its transaction ID and source port.
More information about the dns-operations