RE: The Impact of RFC Guidelines on DNS Spoofing Attacks

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: The Impact of RFC Guidelines on DNS Spoofing Attacks
From: have2Banonymous <a637831@xxxxxxxxx>
Date: Sun, 18 Jul 2004 06:38:00 -0700 (PDT)
In-reply-to: <653D74053BA6F54A81ED83DCF969DF0815C2CF@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi,

The DNS paper is not at the mentioned URL since it was published in phrack 
instead, and can be
found at the URL http://www.phrack.org/show.php?p=62&a=3


> -----Original Message-----
> From: have2Banonymous [mailto:a637831@xxxxxxxxx] 
> Sent: Monday, July 12, 2004 5:46 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: The Impact of RFC Guidelines on DNS Spoofing Attacks
> 
> 
> EXECUTIVE SUMMARY
> 
> This paper provides a brief overview of basic Domain Name System (DNS)
> spoofing attacks against DNS client resolvers.  Technical challenges are
> proposed that should help to both identify attempted attacks and prevent
> them from being successful.  Relevant Request for Comments (RFC)
> guidelines, used by programmers to help ensure their DNS resolver code
> meets specifications, are reviewed.  This results in the realisation
> that the RFC guidelines are not adequately specific or forceful to help
> identify or prevent DNS spoofing attacks against DNS client resolvers. 
> Furthermore, the RFC guidelines actually simplify such attacks to a
> level that has not previously been discussed in the public domain until
> now.
> 
> To highlight the consequences of merely conforming to the RFC guidelines
> without considering security ramifications, an example DNS spoofing
> attack against the DNS resolver in Microsoft Windows XP is provided.
> This illustrates serious weaknesses in the Windows XP DNS resolver
> client implementation.  For example, Windows XP will accept a DNS reply
> as being valid without performing a thorough check that the DNS reply
> actually matches the DNS request.  This allows an attacker to create a
> malicious generic DNS reply that only needs to meet a couple of criteria
> with predictable values in order to be accepted as a valid DNS reply by
> the targeted user.
> 
> This paper discusses the practical impact of the issues raised, such as
> the ability to perform a successful and reasonably undetectable DNS
> spoofing attack against a large target base of Windows XP users, without
> the attacker requiring knowledge of the DNS requests issued by the
> targeted users.  Finally, a comparison with the DNS resolver in Debian
> Linux is supplied.
> 
> 
> The paper can be found at the following URL:
> http://members.ozemail.com.au/~987654321/impact_of_rfc_on_dns_spoofing.p
> df
> 



                
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/

Prev by Date: [SECURITY] [DSA 528-1] New ethereal packages fix denial of service
Next by Date: [SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
Previous by thread: The Impact of RFC Guidelines on DNS Spoofing Attacks
Next by thread: MDKSA-2004:069 - Updated ipsec-tools packages fix multiple vulnerabilities
Index(es):
- Date
- Thread