I figured this presentation might be of interest to this list: https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
It seems they found 5 (unspecified) public CAs out of 17 tested were vulnerable to this attack, which can be performed by an off-path attacker. The TL;DR is you can force fragmentation by spoofing ICMP fragmentation needed packets, and then cause the DNS answer to be split into two fragments, one with all the actual anti-spoofing relevant information (TXID, UDP source port, etc), and one with the actual DNS answer data of interest. Then all you have to do is guess the IPID and keep the UDP checksum valid, both of which are practical, and you can spoof the second fragment with whatever you want. Yet another reason to push for DNSSEC everywhere (and pervasive use of CAA records to reduce attack surface). This is scary enough I think CAs should be required to implement practical mitigations. Thoughts? -- Hector Martin (mar...@marcan.st) Public Key: https://mrcn.st/pub _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
