[dns-operations] DNS issue accidentally leaked?

Karsten Nohl nohl at virginia.edu
Tue Jul 22 15:26:53 UTC 2008

Alperovitch, Dmitri wrote:
> How is this attack really different from the birthday attack described by
> Joe Stewart and others in 2002?  Perhaps a slight variation on it but I
> wouldn't call it earthshakingly new...

The difference is its use of additional RR records. The request is for
some arbitrary subdomain like 12345.google.com, but your spoofed
response also includes the record for www.google.com.

The attack is much more powerful than other DNS poisoning techniques
because you can create a large number of open requests, each of which
lets you modify the mapping for www.google.com if you correctly guess
its transaction ID and source port.
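
From the resolver operator's side, the pattern described above leaves a trace: many responses for throwaway subdomains of one zone that fail the transaction ID or port match, each carrying an additional record for some other name in that zone. The following detection sketch is an added example, not part of the original post. The event format, the names `EVENTS`, `zone_of` and `find_forgery_bursts`, and the threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events, as a resolver might log them (hypothetical format):
#   ("q", qname, txid, source_port)                    query sent upstream
#   ("r", qname, txid, dest_port, additional_owners)   response received
EVENTS = [
    ("q", "a1.example.com", 0x1111, 40001),
    ("r", "a1.example.com", 0x0001, 40001, ["www.example.com"]),
    ("r", "a1.example.com", 0x0002, 40001, ["www.example.com"]),
    ("r", "a1.example.com", 0x1111, 40001, []),          # genuine answer
    ("q", "a2.example.com", 0x2222, 40002),
    ("r", "a2.example.com", 0x0003, 40002, ["www.example.com"]),
    ("q", "www.example.org", 0x3333, 40003),
    ("r", "www.example.org", 0x3333, 40003, []),         # genuine answer
]

def zone_of(name):
    # Simplification (assumption): treat the last two labels as the zone.
    return ".".join(name.rstrip(".").split(".")[-2:])

def find_forgery_bursts(events, threshold=3):
    """Return {zone: [names carried in additional records]} for every zone
    that saw at least `threshold` responses failing the txid/port match."""
    open_queries = {}            # qname -> (txid, source_port)
    mismatches = Counter()       # zone -> count of non-matching responses
    targets = defaultdict(set)   # zone -> extra names those responses carried
    for ev in events:
        if ev[0] == "q":
            _, qname, txid, sport = ev
            open_queries[qname] = (txid, sport)
            continue
        _, qname, txid, dport, additional = ev
        if open_queries.get(qname) == (txid, dport):
            del open_queries[qname]   # matching answer closes the request
            continue
        # Wrong txid, wrong port, or no open request for this name.
        zone = zone_of(qname)
        mismatches[zone] += 1
        targets[zone].update(n for n in additional if n != qname)
    return {z: sorted(targets[z]) for z, n in mismatches.items() if n >= threshold}

if __name__ == "__main__":
    print(find_forgery_bursts(EVENTS))
```

Counting per zone rather than per query name matters here, because each open request uses a different subdomain and no single name accumulates many failures.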
