From: Thomas Pollet (thomas.pollet gmail.com)
Date: Mon Jul 14 2008 - 01:21:05 CDT
Hi,
I have this theory:
- suppose you want to spoof a nonexistent subdomain of a site, e.g.
pwned.paypal.com
- you get a user on a website to repeatedly request something on that
domain from within a web page
- as the domain does not exist, every request will result in a DNS lookup
- while the DNS request is ongoing, flood the client (and intermediate
DNS in a recursive scheme) with fake responses.
On average this would "cost" about 200GB (for a 100 byte fake DNS
response).
Regards,
_______________________________________________
Dailydave mailing list
Dailydave
lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
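
Added example, not part of the original post: a defender-side sketch that flags a queried name drawing many responses whose transaction ID and port match no outstanding query, which is the pattern the flood described above leaves behind. The event tuple format, the threshold, the sample events and the reading of the 200GB figure as half of a 32-bit ID space (16-bit transaction ID plus 16-bit source port) are assumptions of this example.

```python
from collections import defaultdict

def expected_flood_bytes(entropy_bits, response_size):
    """Average bytes an off-path spoofer must send: half the ID space
    (assumed uniformly random) times the size of one fake response."""
    return (2 ** entropy_bits // 2) * response_size

def find_response_floods(events, threshold=3):
    """Return {(client, qname): mismatches} for names that received at least
    `threshold` responses whose (txid, port) matches no outstanding query."""
    outstanding = defaultdict(set)   # (client, qname) -> {(txid, port), ...}
    mismatches = defaultdict(int)
    for kind, client, qname, txid, port in events:
        key = (client, qname.lower().rstrip("."))
        if kind == "Q":
            outstanding[key].add((txid, port))
        elif (txid, port) in outstanding[key]:
            # A legitimate answer consumes the query it matches.
            outstanding[key].discard((txid, port))
        else:
            # Wrong ID/port, or an answer to a query already answered.
            mismatches[key] += 1
    return {k: n for k, n in mismatches.items() if n >= threshold}

# Constructed sample events (not captured traffic):
# (kind, client, qname, txid, client_port); "Q" = query, "R" = response.
SAMPLE = [
    ("Q", "10.0.0.5", "pwned.paypal.com", 0x1A2B, 40001),
    ("R", "10.0.0.5", "pwned.paypal.com", 0x0001, 40001),
    ("R", "10.0.0.5", "pwned.paypal.com", 0x0002, 40001),
    ("R", "10.0.0.5", "pwned.paypal.com", 0x0003, 40002),
    ("R", "10.0.0.5", "PWNED.paypal.com.", 0x0004, 40001),
    ("Q", "10.0.0.5", "www.example.org", 0x7777, 40010),
    ("R", "10.0.0.5", "www.example.org", 0x7777, 40010),
    ("R", "10.0.0.5", "www.example.org", 0x7777, 40010),  # stray duplicate
]

if __name__ == "__main__":
    for (client, qname), n in find_response_floods(SAMPLE).items():
        print(f"{client}: {n} unmatched responses for {qname}")
    gib = expected_flood_bytes(32, 100) / 2 ** 30
    print(f"32 bits of query entropy, 100-byte responses: {gib:.0f} GiB on average")
```

With 100-byte responses, 2^31 packets come to exactly 200 GiB, which matches the figure in the post under the 32-bit assumption; with only the 16-bit transaction ID unpredictable the same calculation gives about 3 MB.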