Attacking networks using DHCP, DNS - probably kills DNSSEC

Thor Lancelot Simon tls at rek.tjls.com
Sat Jun 28 18:55:49 EDT 2003


On Sat, Jun 28, 2003 at 01:06:03PM -0700, Bill Stewart wrote:
> Somebody did an interesting attack on a cable network's customers.
> They cracked the cable company's DHCP server, got it to provide a
> "Connection-specific DNS suffix" pointing to a machine they owned,
> and also told it to use their DNS server.
> This meant that when your machine wanted to look up yahoo.com,
> it would look up yahoo.com.attackersdomain.com instead.

This problem is old and well-understood.  It is why there is work
in the IETF to combine the acquisition of a DHCP lease with the
acquisition of an initial IPsec SA to integrity-protect that
lease.

It's not easy for me to see why anyone would expect anything *but*
that MITM attacks against client systems that are entirely
configured by DHCP would be practical.  If the DHCP client and
server share no cryptographic guarantee of trust...

...oh, I'm sorry, I forgot that the anencephalic have fallen for
"you can magic up trust out of nowhere" about ten times in
succession in my immediately previous area of work, 802.11. :-)

Where I used to work, at ReefEdge, we disposed of the 802.11
security garbage and used a TLS-based solution that was not
entirely unlike PIC, dispensing temporary credentials for use
with IKE to users based on their legacy authentication.  As the
designer and maintainer of this system, I became *very* cognizant
of DHCP-based and DNS-based attacks, and very skeptical of the
sort of proposal someone brought me every few days suggesting
that some later establishment of a trust relationship could
overcome a successful MITM attack on one of the early stages of
the client's "boot up and get SA" negotiation.

(of course, I also became very skeptical of many other folks'
"use legacy credentials to bootstrap IKE" techniques; there
are implementations out there in widespread use which default
to only authentication methods that are trivially MITMed, and
at least one I can think of that _can not be configured_ to
do standard IKE in a secure way.  Ouch! But the simultaneous
IKE and DHCP proposal I read a few years ago at the London
IETF seemed pretty sound.)

Thor
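The quoted attack works through the resolver's search-list expansion: a DHCP-supplied suffix decides which fully qualified name is queried first. The following is an added example, not code from the thread; it models that expansion and a baseline check on the DNS settings a lease hands out. All addresses, suffixes and the baseline are constructed sample values, and the `ndots` rule is a simplification of what real stub resolvers do.

```python
# Added example (not from the thread): model how a DHCP-supplied DNS search
# suffix steers lookups, and check a lease against a known-good baseline.
# Hostnames, addresses and the baseline used here are constructed values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Lease:
    dns_servers: tuple        # DHCP option 6
    search_suffix: str = ""   # DHCP option 15 ("connection-specific DNS suffix")


def candidate_names(name: str, suffix: str, ndots: int = 1) -> list:
    """Return the fully qualified names a stub resolver would try, in order.

    Simplified model of the common rule: a name with fewer than `ndots` dots
    is tried with the suffix appended *first* and the bare name only after;
    a trailing dot marks an absolute name and disables suffixing entirely.
    """
    if name.endswith("."):
        return [name]
    absolute = name + "."
    if not suffix:
        return [absolute]
    suffixed = f"{name}.{suffix.rstrip('.')}."
    if name.count(".") < ndots:
        return [suffixed, absolute]
    return [absolute, suffixed]


def lease_findings(lease: Lease, expected_servers: set, expected_suffixes: set) -> list:
    """Flag DHCP-supplied DNS settings that deviate from an out-of-band baseline.

    DHCP carries no proof of who sent the lease, so comparing the offered
    options against a locally configured baseline is the practical check.
    """
    findings = []
    rogue = [s for s in lease.dns_servers if s not in expected_servers]
    if rogue:
        findings.append(f"unexpected DNS server(s): {', '.join(rogue)}")
    if lease.search_suffix and lease.search_suffix not in expected_suffixes:
        findings.append(f"unexpected DNS search suffix: {lease.search_suffix}")
    return findings


if __name__ == "__main__":
    # Constructed lease mirroring the scenario in the quoted paragraph.
    bad = Lease(dns_servers=("192.0.2.53",), search_suffix="attackersdomain.com")
    print(candidate_names("yahoo.com", bad.search_suffix, ndots=2))
    print(lease_findings(bad, {"198.51.100.1"}, {"example-isp.net"}))
```

With a suffix-first policy the first query leaving the host is `yahoo.com.attackersdomain.com.`, a name inside the attacker's zone, which is why the post treats an unauthenticated lease as a complete MITM.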

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com