[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits
From: list-fulldisclosure@xxxxxxx
Date: Thu, 24 Jul 2008 22:06:30 +0000

> What is always required is a machine where the user has the ability to write
> packets to the network with any IP. This usually means super user access.
> It is difficult in most cases to send udp packets with forged IP since
> routers will not accept them. That is why it is difficult to conduct an
> attack against a random target.

Spoofing one's IP is trivial; there is no - NO - source address checking at the 
major transit providers; good thing too, it would break lots of things (it's 
possible - and common - to send packets out to a transit provider with a source 
IP address that you have *not* announced to them).

Good ISPs tend to check the source address of single-homed customers; plenty of 
ISPs don't.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits
  - From: Mark Andrews

References:
- Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits
  - From: Troy Xyz

Prev by Date: [Full-disclosure] Kaminsky corroborates the DNS vuln. discovered and published by Flake
Next by Date: [Full-disclosure] Pen Test forums?
Previous by thread: Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits
Next by thread: Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits
Index(es):
- Date
- Thread