Kaminsky finds DNS exploit
Steven M. Bellovin
smb at cs.columbia.edu
Wed Jul 9 11:18:10 EDT 2008
On Wed, 09 Jul 2008 11:22:58 +0530
Udhay Shankar N <udhay at pobox.com> wrote:
> I think Dan Kaminsky is on this list. Any other tidbits you can add
> prior to Black Hat?
>
> Udhay
>
> http://www.liquidmatrix.org/blog/2008/07/08/kaminsky-breaks-dns/
>
I'm curious about the details of the attack. Paul Vixie published the
basic idea in 1995 at Usenix Security
(http://www.usenix.org/publications/library/proceedings/security95/vixie.html)
-- in a section titled "What We Cannot Fix", he wrote:
With only 16 bits worth of query ID and 16 bits worth of UDP port
number, it's hard not to be predictable. A determined attacker
can try all the numbers in a very short time and can use patterns
derived from examination of the freely available BIND code. Even
if we had a white noise generator to help randomize our numbers,
it's just too easy to try them all.
Obligatory crypto: the ISC web page on the attack notes "DNSSEC is the
only definitive solution for this issue. Understanding that immediate
DNSSEC deployment is not a realistic expectation..."
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
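The Vixie passage quoted above turns on the size of the guess space: 16 bits of query ID alone, or 16 bits of ID plus 16 bits of source port. The following added example (not part of the original post or of Vixie's paper) quantifies that from a resolver operator's point of view and adds a small detector for the side effect such guessing produces, namely many answers arriving with a query ID that matches no outstanding question. The log format, the `expected=` field, the addresses and the threshold are constructed assumptions for the illustration.

```python
"""Added example: guess-space arithmetic for blind DNS response forgery and a
detector for wrong-ID answers. Log format and sample lines are constructed."""
import math
import re
from collections import Counter


def search_space(id_bits=16, port_bits=16):
    """Number of (query ID, source port) pairs a forged response must match."""
    return 2 ** (id_bits + port_bits)


def hit_probability(attempts, id_bits=16, port_bits=0):
    """Probability that at least one of `attempts` forged answers, each carrying
    an independently uniform guess, matches the single outstanding query.
    Model: guessing with replacement, so P = 1 - (1 - 1/N)^attempts."""
    n = search_space(id_bits, port_bits)
    return 1.0 - (1.0 - 1.0 / n) ** attempts


def attempts_for(target_probability, id_bits=16, port_bits=0):
    """Forged answers needed to reach `target_probability` of one match."""
    n = search_space(id_bits, port_bits)
    return math.ceil(math.log(1.0 - target_probability) / math.log(1.0 - 1.0 / n))


# Constructed log format (assumption): one line per response the resolver saw,
# with the ID it carried and the ID of the question it was matched against.
LOG_LINE = re.compile(
    r"src=(?P<src>\S+) qname=(?P<qname>\S+) "
    r"txid=(?P<txid>0x[0-9a-f]{4}) expected=(?P<expected>0x[0-9a-f]{4})"
)


def mismatched_responses(lines):
    """Count, per (source, qname), answers whose query ID did not match.
    Legitimate traffic produces almost none; an exhaustive guesser produces
    them by the thousand, which is the signal a defender can watch for."""
    counts = Counter()
    for line in lines:
        m = LOG_LINE.search(line)
        if m and m["txid"] != m["expected"]:
            counts[(m["src"], m["qname"])] += 1
    return counts


def suspicious_sources(lines, threshold=3):
    """Return (source, qname) pairs at or above `threshold` mismatched answers."""
    return sorted(k for k, v in mismatched_responses(lines).items() if v >= threshold)


SAMPLE_LOG = [  # constructed sample; 192.0.2.0/24 is a documentation range
    "dns-response src=192.0.2.7 qname=example.com txid=0x1a2b expected=0x1a2b",
    "dns-response src=192.0.2.99 qname=example.com txid=0x0001 expected=0x1a2b",
    "dns-response src=192.0.2.99 qname=example.com txid=0x0002 expected=0x1a2b",
    "dns-response src=192.0.2.99 qname=example.com txid=0x0003 expected=0x1a2b",
    "dns-response src=192.0.2.99 qname=example.com txid=0x0004 expected=0x1a2b",
    "dns-response src=192.0.2.8 qname=example.net txid=0x7f00 expected=0x7f01",
]


if __name__ == "__main__":
    print("ID only, 65536 tries:      P(hit) = %.3f" % hit_probability(65536, 16, 0))
    print("ID + port, 65536 tries:    P(hit) = %.6f" % hit_probability(65536, 16, 16))
    print("tries for 50%% (ID only):   %d" % attempts_for(0.5, 16, 0))
    print("tries for 50%% (ID + port): %d" % attempts_for(0.5, 16, 16))
    print("flagged:", suspicious_sources(SAMPLE_LOG))
```

The arithmetic reproduces Vixie's point: with the ID alone, a few tens of thousands of forged answers give even odds, which is why he called 16 bits "too easy to try them all"; adding a randomized 16-bit port raises the work by a factor of 65536 but, as the ISC note quoted above says, only DNSSEC removes the guessing game altogether. The detector is the operational counterpart: a resolver can log answers whose ID matched nothing and alert when one source produces them in bulk.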