DNS Flaw Not Resolved?
Thread: DNS Flaw Not Resolved?

  1. #1
    nihil (Senior Member; Join Date: Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,190)

    DNS Flaw Not Resolved?

    Seems the recent DNS patches are not a magic bullet:

    The Internet remains vulnerable to exploits of a critical security flaw in the Domain Name System, a Russian programmer demonstrated last week. Writing on his blog on Friday, Evgeniy Polyakov posted that he had succeeded in getting patched DNS software to return an incorrect location in less than 10 hours.
    That doesn't mean that the patches are valueless, but that more work is required on a solution.

    OK, I don't think that we need worry about script kiddies and part-time criminals here, as the resources required are probably well beyond their means. Unfortunately, malicious activity on the internet has taken an increasingly professional criminal turn of late, and the pros certainly can afford it if the rewards are there for the taking.

    Full article here:

    http://www.crm-daily.com/story.xhtml...d=0300032O5BDC

  2. #2
    cwk9 (Senior Member; Join Date: Feb 2002; Posts: 1,211)

    The patch was never intended to fix this issue, just make it a lot more time-consuming to pull off. What this article fails to mention is that this was done over a Gigabit Ethernet connection. So you need a very fast link to the DNS server and for no one to notice that you flooded it. DNS is still a broken system security-wise, but what else is new. Doxpara has some great stuff on this whole mess minus the BS fear mongering. http://www.doxpara.com/?p=1215
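
Added example, not part of cwk9's post or the linked articles: the flood mentioned in post #2 shows up on the resolver side as a burst of responses that match no outstanding query's port, transaction ID and name, which is what this sketch counts. The event tuple layout, function names, window, threshold and timeout are assumptions, and the sample events are constructed.

```python
from collections import Counter

def mismatch_bursts(events, window=1.0, threshold=100, timeout=5.0):
    """Return (window_start, qname, count) for each time window in which at
    least `threshold` responses matched no outstanding upstream query.

    events: ("q" | "r", time, udp_port, txid, qname)
      "q" = query the resolver sent upstream (its source port)
      "r" = response arriving at the resolver (its destination port)
    """
    outstanding = {}        # (port, txid, qname) -> time the query was sent
    unmatched = Counter()   # (window index, qname) -> unmatched responses
    for kind, t, port, txid, qname in sorted(events, key=lambda e: e[1]):
        # Forget queries the resolver would already have given up on.
        for k in [k for k, sent in outstanding.items() if t - sent > timeout]:
            del outstanding[k]
        key = (port, txid, qname.lower())
        if kind == "q":
            outstanding[key] = t
        elif outstanding.pop(key, None) is None:
            # Wrong port, wrong transaction ID, or nothing was asked.
            unmatched[(int(t // window), key[2])] += 1
    return sorted((w * window, name, n)
                  for (w, name), n in unmatched.items() if n >= threshold)

def sample_events():
    """Constructed events, not real traffic."""
    ev = [("q", 0.0, 40000, 0x1A2B, "www.example.com")]
    # 500 responses in half a second, none with the right port/txid pair.
    ev += [("r", 0.001 * (i + 1), 1024 + i, i, "www.example.com")
           for i in range(500)]
    # The genuine answer arrives and matches the outstanding query.
    ev.append(("r", 0.6, 40000, 0x1A2B, "www.example.com"))
    # Ordinary lookup later on, plus one harmless late duplicate.
    ev += [("q", 5.0, 41000, 7, "mail.example.com"),
           ("r", 5.02, 41000, 7, "mail.example.com"),
           ("r", 5.5, 41000, 7, "mail.example.com")]
    return ev

if __name__ == "__main__":
    for start, name, count in mismatch_bursts(sample_events()):
        print(f"t={start:.0f}s {name}: {count} unmatched responses")
```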

  3. #3
    nihil (Senior Member; Join Date: Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,190)

    "What this article fails to mention is that this was done over a Gigabit Ethernet connection. So you need a very fast link to the DNS server"

    "So far, what Polyakov has managed to prove is that in a controlled test with highly powerful systems on a fast network, Dan Kaminsky's attack-vector window still exists and is about 10 hours in length,"
    seems you missed that bit?

    "minus the BS fear mongering."

    "OK, I don't think that we need worry about script kiddies and part time criminals here, as the resources required are probably well beyond their means."

  4. #4
    thehorse13 (Master-Jedi-Pimps0r & Moderator; Join Date: Dec 2002; Location: Washington D.C. area; Posts: 2,884)

    Why are people surprised when patches don't fix things that were never engineered for their current use? DNS is another Internet service that was never meant to be used in the capacity it currently serves. Until we stop bolting wings on to VW bugs and truly engineer purpose-built services, this stuff will never end.

    There is your public service announcement for the day.


    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
