[hcs-d] "Massive" DNS Vulnerability - Is it really that bad?

Greg Price gprice at post.harvard.edu
Tue Jul 8 20:41:38 EDT 2008


On Tue, Jul 8, 2008 at 7:15 PM, Joshua Kroll <jkroll at hcs.harvard.edu> wrote:
> We've known that DNS is vulnerable to spoofing for a long
> time. Nothing has changed. There aren't even new attacks out there
> (well, there are plenty of new DNS attacks, but they aren't this
> heavy-handed). Wouldn't it be better to use a firewall that was clever
> enough not to let 33,000 DNS packets through in only a few ms?

It doesn't take 33000 packets in a few ms; 3000 will give you a 5% hit
rate, which is enough to phish a lot of people, and if it has the
birthday vulnerability you can make just 500 requests and 500
responses for a hit rate over 80%.  Plus it sounds like some
implementations failed to properly randomize the space they had.

I guess it's not clear how much of this is news, but when vendors
supply fixed versions (as Ubuntu has), it's certainly worth upgrading.

Greg


More information about the hcs-discuss mailing list