[EMAIL PROTECTED] wrote:
> Even if you have a local caching DNS server pointing to root DNS
> level always....
> 
> Aren't you still vulnerable because DNS doesn't do authentication?
> (RSA keys and all that stuff)
> 
> Couldn't I act like a root DNS server and send bogus traffic to your
> PC causing all kinds of mischief??? How would you protect against
> *that*?

Crack, or route to your box one of these IP addresses:
198.41.0.4   192.228.79.201 192.33.4.12  128.8.10.90   192.203.230.10
192.5.5.241  192.112.36.4   128.63.2.53  192.36.148.17 198.41.0.10
193.0.14.129 198.32.64.12   202.12.27.33

Those are the IP addresses of the root servers, and my cache queried by
IP address, not by name. Think about it, in order to find a name, you
have to know where to look. If all you have is a name of a root server,
how are you going to look up that IP address? This is why caches are
loaded with the IP numbers of the root servers.

So you can either hack one of those boxes, and insert your own data, OR
you can route all traffic going to those IPs to boxes under your
control.

http://cr.yp.to/djbdns/forgery.html A good read for those interested in
further information.

-john
-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
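
One way to check the list a cache is loaded with, as an added example that is not part of the original message: it parses a root hints file in zone-file layout and reports any address that differs from a pinned set. The pinned set is the addresses quoted in the message; the sample hints text, the function names and the wrong F address (203.0.113.53, a documentation address) are constructed for illustration.

```python
import ipaddress

# Pinned set: the root server addresses quoted in the message above.
# Assumption: a real audit would pin whatever list its trusted source publishes.
PINNED_ROOT_IPS = frozenset("""
198.41.0.4 192.228.79.201 192.33.4.12 128.8.10.90 192.203.230.10
192.5.5.241 192.112.36.4 128.63.2.53 192.36.148.17 198.41.0.10
193.0.14.129 198.32.64.12 202.12.27.33
""".split())

# Constructed sample hints file; the last A record is deliberately wrong.
SAMPLE_HINTS = """\
; constructed sample, not a real hints file
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   198.41.0.4
.                     3600000      NS  C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.   3600000      A   192.33.4.12
.                     3600000      NS  F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.   3600000      A   203.0.113.53
"""


def hint_addresses(text):
    """Return {owner_name: ip} for every A record in a hints file."""
    found = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        # An A record ends with the type token "A" followed by the address.
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue
        try:
            ip = str(ipaddress.IPv4Address(fields[-1]))
        except ValueError:
            ip = fields[-1]  # malformed address: keep it so it is reported
        found[fields[0].upper()] = ip
    return found


def audit_hints(text, pinned=PINNED_ROOT_IPS):
    """Return (unexpected, missing): hints not in the pinned set, pins not hinted."""
    hints = hint_addresses(text)
    unexpected = {name: ip for name, ip in hints.items() if ip not in pinned}
    missing = sorted(pinned - set(hints.values()))
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_hints(SAMPLE_HINTS)
    print("unexpected:", unexpected)
    print("pinned but absent:", len(missing))
```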
