The DNS fiasco

The ZDNET guys are discussing the DNS fiasco, but they forgot one little detail which makes the vulnerability ever so much more potent than what it looks like:

Halvar just posted a very good hypothesis, but one that does not include the fact that a forged request can also include a glue record that updates the cache on the attacked server, with a very long TTL. What this gibberish means is that you can attack a DNS server in ten seconds and gain control of all queries sent to that server for all subdomains of any second-level domain like google.com. You “hijack” xkdjlsfjls.google.com and you have in effect hijacked the entirety of google.com for all users of the target DNS server.

I’d post the Matasano article — which has a very good explanation — but I’d rather not worry about copyright infringement lawsuits.
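From the defender's side, the pattern described above shows up on a resolver as a burst of replies with the wrong transaction ID for names under one zone, followed by glue cached with a very long TTL. The following check is an added example, not code from this post or from the Matasano article; the event tuple format, the thresholds and all names are assumptions, and the events are constructed.

```python
from collections import defaultdict

MAX_GLUE_TTL = 86400      # assumed policy: glue cached for more than a day is suspicious
MISMATCH_THRESHOLD = 3    # assumed: wrong-ID replies per zone before alerting

def parent_zone(qname):
    """Simplification: treat the last two labels as the registered zone."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def analyse(events):
    """Return (zones with a burst of wrong-ID replies, over-long glue accepted)."""
    pending = {}                      # qname -> transaction ID the resolver sent
    mismatches = defaultdict(int)     # zone -> count of wrong-ID replies
    long_glue = []
    for kind, qname, txid, additional in events:
        if kind == "Q":
            pending[qname] = txid
            continue
        zone = parent_zone(qname)
        if pending.get(qname) != txid:
            mismatches[zone] += 1     # reply that matches no open query: count it
            continue
        del pending[qname]            # first matching reply closes the query
        for owner, rtype, ttl in additional:
            if rtype == "A" and ttl > MAX_GLUE_TTL:
                long_glue.append((zone, owner, ttl))
    suspects = sorted(z for z, n in mismatches.items() if n >= MISMATCH_THRESHOLD)
    return suspects, long_glue

# Constructed events, not real traffic: (kind, qname, txid, additional records)
GLUE = [("ns1.example.com", "A", 604800)]
EVENTS = [
    ("Q", "www.example.org", 0x1A2B, []),
    ("R", "www.example.org", 0x1A2B, [("ns.example.org", "A", 3600)]),
    ("Q", "xkdjlsfjls.example.com", 0x4242, []),
    ("R", "xkdjlsfjls.example.com", 0x0001, GLUE),
    ("R", "xkdjlsfjls.example.com", 0x0002, GLUE),
    ("R", "xkdjlsfjls.example.com", 0x0003, GLUE),
    ("R", "xkdjlsfjls.example.com", 0x4242, GLUE),
]

if __name__ == "__main__":
    print(analyse(EVENTS))
```

A zone that appears in both results is the case worth paging on: wrong-ID replies alone can be noise, but wrong-ID replies followed by an accepted answer carrying long-lived glue for the same zone match the cache update the post describes.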

3 Responses to “The DNS fiasco”

  1. Askadar Says:

    Somebody else posted the Matasano article:

    http://blogs.buanzo.com.ar/2008/07/matasano-kaminsky-dns-forgery.html

    Highly interesting read.

  2. HCS’s and Gen’s Place » Blog Archive » The “cabal” over a DNS flaw is finally busted. Says:

    [...] Rudd-o.com [...]

  3. Rudd-O Says:

    Yah, I read it too, before buanzo.com.ar posted it.
