erik quanstrom wrote:
what is this web 2.0 of which you speak?
Web 2.0, n. A space created by artists who got all excited when they
heard the word sandbox, not realizing it meant the opposite of what
they thought.
wk
i'm not a dns user (just the client side) on Plan9, is the server part
vulnerable to the recent poisoning attacks?
i think the recent dns cache-poisoning vulnerability
is more self promotion than substance. my friends
at [dns operator] agree.
however, ndb/dns does use randomized query ids.
i'm not a dns user (just the client side) on Plan9,
is the server part vulnerable to the recent poisoning attacks?
i think the recent dns cache-poisoning vulnerability
is more self promotion than substance.
i agreed until i saw the supposed exploit details that were
published last week.
those things combined mean that you get 15 bits of randomness
from query id and 15 from source port, giving 30 bits,
so ndb/dns is okay (for now).
why only 15 in the query id? that's an artifact of rand()
which returns 0 ≤ n ≤ 0x7fff. why not return numbers
between 0 and 0x?
- erik
those things combined mean that you get 15 bits of randomness
from query id and 15 from source port, giving 30 bits,
so ndb/dns is okay (for now).
why only 15 in the query id? that's an artifact of rand()
which returns 0 ≤ n ≤ 0x7fff. why not return numbers
between 0 and 0x?
one
The exploit doesn't simply rely on the 16bit dns XID.
Rather, it's reliant on the fact that bind servers
(and some others) send requests from a static port.
Obviously, if you control a DNS server or you can
sniff the target DNS server's path, you can figure
this out.
The second part to the trick
if you're running ndb/dns -r, you need to build and boot a
new kernel to get the full 30 bits.
Bing!
The exploit doesn't simply rely on the 16bit dns XID.
Rather, it's reliant on the fact that bind servers
(and some others) send requests from a static port.
Obviously, if you control a DNS server or you can
sniff the target DNS server's path, you can figure
this out.
The second part to
// 1. plan 9 never used a static source port for queries,
Using dynamic ports is better than static, but if they're
sequential (or otherwise predictable), it doesn't buy you
all that much.
// 2. who does recursive queries on external interfaces?
I've been traveling in companies and countries
i don't understand this
1. plan 9 never used a static source port for queries,
and more importantly
Erm, sequential source ports are close enough.
2. who does recursive queries on external interfaces?
i would have considered this a configuration error and
security problem ten years ago.
2. who does recursive queries on external interfaces?
i would have considered this a configuration error and
security problem ten years ago.
Tell that to the rest of the internet.
without reasonable configuration, most any machine can
be made trivially vulnerable.
vectors that are