The DNS fiasco

Posted by Rudd-O at Jul 21, 2008 06:49 PM | Permalink

Filed under: cool, information security

The ZDNET guys are discussing the DNS fiasco, but they forgot one little detail which makes the vulnerability ever so much more potent than what it looks like:

Halvar just posted a very good hypothesis, but one that does not include the fact that a forged request can also include a glue record that updates the cache on the attacked server, with a very long TTL. What this gibberish means is that you can attack a DNS in ten seconds and gain control of all queries sent to that DNS for all subdomains of any second-level domain like google.com. You "hijack" xkdjlsfjls.google.com and you have in effect hijacked the entirety of google.com for all users of the target DNS.

I'd post the Matasano article -- which has a very good explanation -- but I'd rather not worry about copyright infringement lawsuits.

Document Actions

Add comment

You can add a comment by filling out the form below. Plain text formatting.

Info: You are not logged in. You may optionally enter your username and password below. If you don't enter anything, this comment will be posted as 'Anonymous User'.

Name

Password

Subject (Required)

Comment (Required)

Enter the word below (Required)