Gonzo's Recorded History

Ancient history


July 24th, 2008

DNS cache poisoning @ 02:03 am

So, the cat is out of the bag. The DNS theoretical flaw is now real, with exploit code written. It currently takes a couple of minutes, but it can be changed to take a few seconds. It has to do with sloppy reception of RR records really. I wrote a bit of code today to try to get it to accept an alternate address, and I came pretty close. But not bad for 5 minutes in Perl. Just had to get the tuning a little tighter. And that was just based off what leaked earlier today. Some guy broke it wide open though.

Anyway, long and short: Patch. If you have updates on desktops, install them. If you have updates on your NAT device, install them. If you have updates on your servers, get them in. DNS is the start of trust within some parts of the modern web, and with the right ripple attack, we're looking at a worm that could exploit the crap out of a ton of machines. Convince a bunch of machines they're microsoft.com, push some code automatically, wheeeeee...

INSTALL YOUR UPDATES!
 

Comments

 
From:punkinberry
Date:July 24th, 2008 02:59 pm (UTC)
N00b question incoming: does this affect Macs, too?
From:goninzo
Date:July 24th, 2008 04:38 pm (UTC)
Yes. Very few operating systems were spared, due to the flaw in the way the RRs are returned.
