[conspire] DNS vulnerability details
Ruben Safir
ruben at mrbrklyn.com
Fri Jul 25 17:23:46 PDT 2008
On Fri, Jul 25, 2008 at 05:11:54PM -0700, Ryan Russell wrote:
> Ruben Safir wrote:
> >The first client resolver request sends to DNS.myserver.com on port 53
>
> And then dns.myserver.com turns around and asks some other DNS server a
> question using a random source port. That's the change. It used to ask
> this other server from port 53, or random port >1023, or with poor
> randomness. For most DNS servers.
>
Thanks Ryan. In the recursive resolution how would the two DNS servers
agree which port to tickle?
Ruben
> >
> >The server can open a new random port but sends data back to the client
> >on 53 which then has information on which port to respond back to.
> >
> >and query to the server is going to go to 53 and wait for a response
> >and then be told where to post to next. Seems like a lot of opportunity
> >to poison a server's cache still. It might complicate brute force but
> >nothing that can't be automated.
>
> It can still be brute forced. The current effort is to make the work go
> from 16-bits (just txid) to ~32 bits, txid + 64K source ports.
>
> >
> >Of a man in the middle, nothing is encrypted, and you're "in the middle"
> >so sniffing a DNS server's ports should be not that hard.
>
> We're talking about a blind spoofing attack, no sniffing involved.
>
> >I suppose I'm not getting something here. I can't help but feel that until
> >of critical systems services are using cryptography, that we just continue to
> >go in circles.
>
> Some are proposing DNSSEC, which will bring many many bugs and new attacks.
>
> >freeswan had opportunistic tcp cryptography at one time. I wonder what
> >became of it.
>
> The kinds of DNS packet spoofing under discussion are of the UDP variety.
>
> Ryan
--
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
"Yeah - I write Free Software...so SUE ME"
"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."
"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politics and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one."
© Copyright for the Digital Millennium
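
Added example (not part of the original thread): a rough check a resolver operator could run over the source ports captured from the resolver's own outbound queries, showing how the behaviours Ryan lists (port 53, poor randomness, random ports) map onto the 16-bit versus ~32-bit guessing work. The function names, thresholds and sample port lists are constructed for illustration.

```python
import math
from collections import Counter

TXID_BITS = 16  # width of the DNS transaction ID


def port_behaviour(ports):
    """Classify source ports seen on a resolver's outbound queries, in order."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        return "fixed"
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # One small step repeated almost every time means a counter, not an RNG.
    step, count = Counter(steps).most_common(1)[0]
    if count >= 0.8 * len(steps) and step <= 16:  # thresholds are assumptions
        return "sequential"
    return "varied"


def guess_bits(ports):
    """Rough number of bits a blind spoofer has to guess per forged reply."""
    if port_behaviour(ports) in ("fixed", "sequential"):
        return float(TXID_BITS)  # port is predictable, only the txid remains
    # Crude pool-size estimate from the observed spread (assumes uniform draws).
    spread = max(ports) - min(ports) + 1
    return TXID_BITS + math.log2(spread)


# Constructed samples: ports from eight consecutive outbound queries.
SAMPLES = {
    "always port 53": [53] * 8,
    "incrementing port": [32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775],
    "randomised port": [1029, 64012, 33871, 12004, 50933, 7411, 61250, 22987],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:18} {port_behaviour(ports):10} ~{guess_bits(ports):.1f} bits")
```

A small capture underestimates the real port pool, so treat the "varied" figure as a lower bound and collect more queries before drawing conclusions.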