[conspire] DNS vulnerability details
ryan at thievco.com
Fri Jul 25 17:43:10 PDT 2008
Ruben Safir wrote:
> Thanks Ryan. In the recursive resolution how would the two DNS servers
> agree which port to tickle?
Standard TCP/IP "connection" logic. The DNS server in the first step is
now acting as a DNS Client in the second step. So it picks source port
48621 and sends a packet to second DNS server at port 53. Second DNS
server remembers port 48621, does what it needs to, and sends the reply
back that way.
Attacker wanted to fool DNS server 1 with a packet that appeared to be
coming from DNS Server 2. Not knowing the source port makes it that much
harder for the attacker.
More information about the conspire