Steven M. Bellovin wrote:
On Wed, 09 Jul 2008 11:22:58 +0530
Udhay Shankar N <[EMAIL PROTECTED]> wrote:
I think Dan Kaminsky is on this list. Any other tidbits you can add
prior to Black Hat?
Udhay
http://www.liquidmatrix.org/blog/2008/07/08/kaminsky-breaks-dns/
I'm curious about the details of the attack. Paul Vixie published the
basic idea in 1995 at Usenix Security
(http://www.usenix.org/publications/library/proceedings/security95/vixie.html)
-- in a section titled "What We Cannot Fix", he wrote:
With only 16 bits worth of query ID and 16 bits worth of UDP port
number, it's hard not to be predictable. A determined attacker
can try all the numbers in a very short time and can use patterns
derived from examination of the freely available BIND code. Even
if we had a white noise generator to help randomize our numbers,
it's just too easy to try them all.
So this seems to me to only be really true in a theoretical sense.
Exploring the whole 32 bit space obviously requires well in excess of 4
GB of traffic, which is clearly a non-trivial amount to dump on your victim.
According to other data, the fix in BIND is to:
a) use random ports
b) use a good PRNG
so I'm beginning to suspect the issue is simply that the theory that it
was easy to attack led to no effort being made to make it as hard as
possible. And now it has.
Obligatory crypto: the ISC web page on the attack notes "DNSSEC is the
only definitive solution for this issue. Understanding that immediate
DNSSEC deployment is not a realistic expectation..."
The beauty of DNSSEC being, of course, that any answer that verifies can
be trusted - so its of no interest who provided that answer.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
