Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)



On Sun, Jul 13, 2008 at 2:27 PM, eugaaa@xxxxxxxxx <eugaaa@xxxxxxxxx> wrote:
...
So on that note I'll be more direct. Has anyone actually preemptively
written any code or reversed this issue on their own? Or just, you
know, attempted to understand the vulnerability in detail instead of
relying on these intentionally vague advisories (dan)?

my money is currently on ICMP port unreachable combined with the
predictable ports to trick vulnerable resolvers into thinking the
configured nameservers are offline:

http://wari.mckay.com/~rm/dns_theroy.txt

you could fix this via the method described, and not imply that the
ICMP was part of the vector.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/