Re: [Dailydave] The audacity of thinking you're not owned

From: Jon Oberheide (jon@oberheide.org)
Date: Mon Jul 14 2008 - 09:20:57 CDT


On Mon, 2008-07-14 at 08:21 +0200, Thomas Pollet wrote:
> - suppose you want to spoof a nonexistent subdomain of a site, e.g.
> pwned.paypal.com
> - you get a user on a website to repeatedly request something on that
> domain from within a web page
> - as the domain does not exist, every request will result in a dns lookup

Not necessarily. DNS has all sorts of wonderfully quirky features, one
of them being negative caching [1]. So your NXDOMAIN/SERVFAIL/whatever
responses for a RR can be cached too.

> - while the dns request is ongoing, flood the client (and intermediate
> dns in a recursive scheme) with fake responses.

Even if you did succeed, all you'd be left with is pwned.paypal.com, which
might be more effective than heyipromisethisispaypal.com in your
phishing emails, but has nowhere near the impact of arbitrary RR
poisoning.

Regards,
Jon Oberheide

[1] http://www.ietf.org/rfc/rfc2308.txt

--
Jon Oberheide <jon@oberheide.org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE


_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
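The negative-caching point Jon raises, as an added illustration that is not part of the original thread: a toy resolver that caches NXDOMAIN answers for min(SOA TTL, SOA MINIMUM) as RFC 2308 section 5 prescribes, so repeated requests for the same nonexistent name from a page do not each produce a fresh upstream lookup. The `Soa` values, the `simulate` helper and the query names are constructed for the example.

```python
"""Model of RFC 2308 negative caching: an NXDOMAIN answer is cached for
min(SOA.MINIMUM, TTL of the SOA RR in the authority section)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Soa:
    ttl: int       # TTL of the SOA RR returned in the authority section
    minimum: int   # SOA MINIMUM field, used as the negative-caching TTL


def negative_ttl(soa: Soa) -> int:
    """RFC 2308 section 5: cache the NXDOMAIN for the smaller of the two."""
    return min(soa.ttl, soa.minimum)


class Resolver:
    """Minimal recursive-resolver cache that remembers NXDOMAIN answers."""

    def __init__(self, upstream):
        self.upstream = upstream      # callable(name) -> Soa (stub for the wire lookup)
        self.neg_cache = {}           # name -> absolute expiry time (seconds)
        self.upstream_queries = 0     # how many lookups actually left the resolver

    def lookup(self, name: str, now: float) -> str:
        expiry = self.neg_cache.get(name)
        if expiry is not None and now < expiry:
            return "NXDOMAIN (negative cache)"   # no packet sent, nothing to race
        self.upstream_queries += 1
        soa = self.upstream(name)                # the only moment a lookup is in flight
        self.neg_cache[name] = now + negative_ttl(soa)
        return "NXDOMAIN (upstream)"


def simulate(requests, soa=Soa(ttl=3600, minimum=900)) -> int:
    """Replay (timestamp, name) queries; return how many reached upstream."""
    resolver = Resolver(lambda _name: soa)
    for t, name in requests:
        resolver.lookup(name, t)
    return resolver.upstream_queries


if __name__ == "__main__":
    # Constructed: a page firing one request per second for ten minutes.
    burst = [(t, "does-not-exist.example") for t in range(600)]
    print("upstream lookups during burst:", simulate(burst))   # 1, not 600
```

Only the first request in the burst leaves the resolver; the rest are answered from the negative cache until the 900-second TTL lapses.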