
Re: After 6 months - fix available for Microsoft DNS cache poisoning attack

____/ Linonut on Wednesday 14 November 2007 17:25 : \____

> After takin' a swig o' grog, p5000011 belched out this bit o' wisdom:
> 
>> http://www.securityfocus.com/archive/1/483635/30/0/threaded
>>
>> | After 6 months - fix available for Microsoft DNS cache poisoning
>> | attack
>> | 
>> | On April this year I discovered a new vulnerability that enables DNS
>> | cache poisoning attack against the Windows DNS server. Today (November
>> | 13th, 2007) - six and a half months after being informed - Microsoft
>> | released a fix for this vulnerability. As the fix is now publicly
>> | available, I can finally share my research finding with you.
> 
> Random numbers again:
> 
>    The transaction ID is
>    supposed to be a secure, random number that the attacker must
>    guess in order to poison the DNS cache. There are 65,536 possible
>    transaction ID values which make enumeration impractical in the
>    current network conditions.
> 
>    The weakness I found is in the transaction ID generation
>    algorithm of Windows DNS Server. By observing a few consecutive
>    transaction IDs from the same DNS server an attacker can predict
>    its next value.

But it's all encoded in binary, so nobody will notice. [sarcasm /]

-- 
                ~~ Best of wishes

Apprentice - fancy word for "slave"
http://Schestowitz.com  |  Open Prospects   |     PGP-Key: 0x74572E8E
Tasks: 116 total,   1 running, 115 sleeping,   0 stopped,   0 zombie
      http://iuron.com - knowledge engine, not a search engine
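
A defender-side check for the weakness quoted in this thread, added here as an example and not part of the original posts: it reads the 16-bit transaction ID from DNS query headers captured from your own resolver and flags a sample in which one fixed step explains most transitions. The function names are hypothetical, and the weak sample is a constructed fixed-step counter, not the Windows DNS Server algorithm, which the thread does not describe.

```python
import secrets
import struct
from collections import Counter

ID_SPACE = 65536  # 16-bit transaction ID, as stated in the quoted advisory


def txid(packet: bytes) -> int:
    """Return the transaction ID: the first two bytes of the DNS header."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    return struct.unpack("!H", packet[:2])[0]


def dominant_step(ids):
    """Most common difference (mod 2**16) between consecutive IDs, and its share."""
    if len(ids) < 2:
        raise ValueError("need at least two transaction IDs")
    steps = Counter((b - a) % ID_SPACE for a, b in zip(ids, ids[1:]))
    step, count = steps.most_common(1)[0]
    return step, count / (len(ids) - 1)


def audit(packets, threshold=0.5):
    """True when a single step accounts for at least `threshold` of transitions."""
    return dominant_step([txid(p) for p in packets])[1] >= threshold


def header(tid: int) -> bytes:
    """Constructed 12-byte query header: ID, flags (RD set), QDCOUNT=1."""
    return struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)


# Constructed samples (assumptions for illustration, not captured traffic).
WEAK = [header((0x1234 + 7 * i) % ID_SPACE) for i in range(64)]
STRONG = [header(secrets.randbelow(ID_SPACE)) for _ in range(64)]

if __name__ == "__main__":
    print("fixed-step sample flagged:", audit(WEAK))
    print("CSPRNG sample flagged:   ", audit(STRONG))
```

A sample that passes this check is not thereby shown to be unpredictable; the check only catches the fixed-step case.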
