Kaminsky finds DNS exploit

Ben Laurie ben at links.org
Wed Jul 9 17:26:02 EDT 2008


Steven M. Bellovin wrote:
> On Wed, 09 Jul 2008 11:22:58 +0530
> Udhay Shankar N <udhay at pobox.com> wrote:
> 
>> I think Dan Kaminsky is on this list. Any other tidbits you can add 
>> prior to Black Hat?
>>
>> Udhay
>>
>> http://www.liquidmatrix.org/blog/2008/07/08/kaminsky-breaks-dns/
>>
> I'm curious about the details of the attack.  Paul Vixie published the
> basic idea in 1995 at Usenix Security
> (http://www.usenix.org/publications/library/proceedings/security95/vixie.html)
> -- in a section titled "What We Cannot Fix", he wrote:
> 
> 	With only 16 bits worth of query ID and 16 bits worth of UDP port
> 	number, it's hard not to be predictable.  A determined attacker
> 	can try all the numbers in a very short time and can use patterns
> 	derived from examination of the freely available BIND code.  Even
> 	if we had a white noise generator to help randomize our numbers,
> 	it's just too easy to try them all.

So this seems to me to only be really true in a theoretical sense. 
Exploring the whole 32 bit space obviously requires well in excess of 4 
GB of traffic, which is clearly a non-trivial amount to dump on your victim.

According to other data, the fix in BIND is to:

a) use random ports

b) use a good PRNG

so I'm beginning to suspect the issue is simply that the theory that it 
was easy to attack led to no effort being made to make it as hard as 
possible. And now it has.

> Obligatory crypto: the ISC web page on the attack notes "DNSSEC is the
> only definitive solution for this issue. Understanding that immediate
> DNSSEC deployment is not a realistic expectation..."

The beauty of DNSSEC being, of course, that any answer that verifies can 
be trusted - so it's of no interest who provided that answer.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
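The numbers the thread argues over (16 bits of query ID, 16 bits of UDP port, "well in excess of 4 GB of traffic") are easy to check with a short calculation. The Python below is an added worked example and is not part of the thread or of BIND; it quantifies how the size of the unpredictable space sets the expected volume of forged responses needed, and it includes a crude defender-side check of whether a resolver's observed query IDs or source ports actually look randomized (the "random ports, good PRNG" fix Ben refers to). The 100-byte response size and the sample value lists are constructed assumptions.

```python
import math
import random
from collections import Counter

# Model: an off-path forger must match every unpredictable field of an
# outstanding query (query ID, and source port if it is randomized).
# Assumption: fields are uniformly random and independent.

def per_packet_success(id_bits=16, port_bits=0, outstanding=1):
    """Probability that one forged response matches one of `outstanding`
    in-flight queries when `id_bits + port_bits` bits are unpredictable."""
    space = 2 ** (id_bits + port_bits)
    return min(1.0, outstanding / space)

def packets_for_confidence(p, confidence=0.5):
    """Independent guesses needed so that at least one matches with
    probability >= confidence (geometric distribution)."""
    if p >= 1.0:
        return 1
    return math.ceil(math.log(1 - confidence) / math.log(1 - p))

def traffic_bytes(packets, response_size=100):
    """Bytes of forged traffic, assuming `response_size` bytes per packet
    (100 bytes is a constructed, round-number assumption)."""
    return packets * response_size

def looks_randomized(samples, bits, min_distinct=0.9, min_spread=0.5):
    """Crude defender check on observed query IDs or source ports captured
    from a resolver: values should be mostly distinct and spread across the
    whole `bits`-wide space. Returns (distinct_fraction, spread_fraction, ok)."""
    n = len(samples)
    distinct = len(Counter(samples)) / n
    spread = (max(samples) - min(samples)) / (2 ** bits - 1)
    ok = distinct >= min_distinct and spread >= min_spread
    return distinct, spread, ok

def summary():
    """Compare 16 bits (query ID only) with 32 bits (ID plus random port)."""
    out = {}
    for label, port_bits in (("id_only", 0), ("id_plus_port", 16)):
        p = per_packet_success(16, port_bits)
        pk = packets_for_confidence(p, 0.5)
        out[label] = {"p": p, "packets_50pct": pk, "bytes_50pct": traffic_bytes(pk)}
    # Exhaustive search of the full 32-bit space, the case Ben's "4 GB" refers to.
    out["exhaustive_32bit_bytes"] = traffic_bytes(2 ** 32)
    return out

if __name__ == "__main__":
    for k, v in summary().items():
        print(k, v)
    # Constructed samples: sequential IDs (weak), a fixed port (weak),
    # and seeded pseudo-random IDs (what a good PRNG should look like).
    print(looks_randomized(list(range(1000, 1100)), 16))
    print(looks_randomized([53] * 100, 16))
    rng = random.Random(1)
    print(looks_randomized([rng.randrange(2 ** 16) for _ in range(100)], 16))
```

The check in `looks_randomized` is deliberately simple: a resolver that picks IDs sequentially produces values that are all distinct but cover a sliver of the space, and one that pins its source port fails the distinct-count test outright. Either pattern is a sign that the "random ports, good PRNG" fix is not in effect, without needing to know anything about the PRNG itself.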

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com