[Dailydave] DNS Guess 2 for the day
Dave Aitel
dave at immunityinc.com
Sat Jul 12 16:56:35 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So you don't really want to spoof the client. You want to spoof the
resolver. So you pretend to be a resolver below it, and pass it along a
fake request (with a TXID), and then immediately send him the spoofed
response (since you specified the TXID) and his port is known. He then
sends you the response (which is the one you spoofed him) and is poisoned.
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIeRqDtehAhL0gheoRAjo2AJ9bbk3v6CmajHC3h+vPGbpa4Z7o+QCfR1jf
CTakU4SaHHnQiwIh9fUUwsA=
=iZ/k
-----END PGP SIGNATURE-----
More information about the Dailydave
mailing list