From: Parity (pty.err gmail.com)
Date: Sun Jul 13 2008 - 16:02:41 CDT
On Sun, Jul 13, 2008 at 3:18 PM, Petja van der Lek <lek xs4all.nl> wrote:
> Now, were a name server to retain and reuse the TID received from a
> client in its corresponding outgoing queries, the possibility of a
> collision of TIDs from queries received from separate clients would be
> small but non-negligible on a busy name server. Such a collision could
> ruin the server's whole day, I presume, and make for a pretty broken
> design. I know it's BIND we're talking about, but still...
TXID collisions are easy to induce.
Remember the old joke that starts, "How do you keep a moron in suspense?"
If you're evil.com, just ask a vulnerable name server to resolve
0x0000.evil.com. And 0x0001.evil.com. And 0x0002.evil.com. And so on.
And when the resolver comes 'round asking ns1.evil.com for the records it's
after, just pretend the question was, "How do you keep a DNS resolver in
suspense?"
pty
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave