[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

To: "eugaaa@xxxxxxxxx" <eugaaa@xxxxxxxxx>
Subject: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 13 Jul 2008 15:15:37 -0700

On Sun, Jul 13, 2008 at 2:27 PM, eugaaa@xxxxxxxxx <eugaaa@xxxxxxxxx> wrote:
> ...
> So on that note I'll be more direct. Has anyone actually preemptively
> written any code or reversed this issue on their own? Or just, you
> know, attempted to understand the vulnerability in detail instead of
> relying on these intentionally vague advisories (dan)?

my money is currently on ICMP port unreachable combined with the
predictable ports to trick vulnerable resolvers into thinking the
configured nameservers are offline:

http://wari.mckay.com/~rm/dns_theroy.txt

you could fix this via the method described, and not imply that the
ICMP was part of the vector.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: eugaaa@xxxxxxxxx

References:
- [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: eugaaa@xxxxxxxxx
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: Paul Schmehl
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: eugaaa@xxxxxxxxx

Prev by Date: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Next by Date: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Previous by thread: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Next by thread: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Index(es):
- Date
- Thread