logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 168 days ago
Via: http://lists.jammed.com | Tags: isn researchers hypothesis expose ubersecret dns flaw comments Discuss  






From: InfoSec News <alerts_at_private>




Date: Wed, 23 Jul 2008 02:39:17 -0500 (CDT)






http://www.theregister.co.uk/2008/07/21/dns_flaw_speculation/



By Dan Goodin in San Francisco

The Register

21st July 2008



Two weeks ago, when security researcher Dan Kaminsky announced a 

devastating flaw in the internet's address lookup system, he took the 

unusual step of admonishing his peers not to publicly speculate on the 

specifics. The concern, he said, was that online discussions about how 

the vulnerability worked could teach black hat hackers how to exploit it 

before overlords of the domain name system had a chance to fix it.



That hasn't stopped researcher Halvar Flake from posting a hypothesis 

[1] that several researchers say is highly plausible. It describes a 

simple method for tampering with DNS name servers that get queried when 

a user tries to visit a specific website. As a result, attackers would 

redirect someone trying to visit a site such as bankofamerica.com to an 

impostor site that steals their credentials.



The recipe calls for the attacker to flood a DNS server with multiple 

requests for domain names, for instance www.ulam00001.com, 

www.ulam00002.com and so on. Since the name server hasn't seen these 

requests before, it queries a root server for the name server that 

handles lookups for domains ending in .com. The attacker then uses the 

information to send fraudulent lookup information to the DNS server and 

make it appear as if it came from the authoritative .com name server. 

With enough requests, eventually one of the spoofed requests will match 

and the IP address for a requested domain will be falsified.



[1] http://addxorrol.blogspot.com/



[...]





_______________________________________________      

Attend Black Hat USA, August 2-7 in Las Vegas, 

the world's premier technical event for ICT security experts.

Featuring 40 hands-on training courses and 80 Briefings 

presentations with lots of new content and new tools.

Network with 4,000 delegates from 50 nations.  

Visit product displays by 30 top sponsors in 

a relaxed setting. http://www.blackhat.com



Received on Wed Jul 23 2008 - 00:39:17 PDT
addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security