[Dailydave] DNS Guess 2 for the day
Marc Heuse
mh at baseline-security.de
Mon Jul 14 08:57:45 EDT 2008
Jon Oberheide wrote:
> On Sun, 2008-07-13 at 20:09 -0700, piggly wiggly wrote:
>> Basically it has to do with ICMP packets (spoofed ICMP unreachables sent
>> in response to DNS packets the attacker can't see, but can guess - thanks
>> to non-random port selection).
>
> Or ICMP redirect messages for that matter (although I'd hope most sane
> distributions are shipping with accept_redirects off by default
> nowadays).

most distributions ship with secure redirects enabled - which is not
"secure" in a sensible way ;-)

> So the attacker would have to guess the 16-bit IP ID correctly to have
> his ICMP unreachable accepted which would be just as difficult as
> guessing the DNS TXID. Stacks that still use incremental IP ID
> generation could be affected, however.

thankfully IP IDs were removed in IPv6 ...

Cheers,
Marc
--
Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 28097468
www.baseline-security.de
Baseline Security Consulting
Chausseestr. 15
10115 Berlin
Ust.-Ident.-Nr.: DE244222388
PGP: D069 301E B401 828C 4E72 0BEA D9C9 6088 36F2 A05E
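
An added example, not part of the original post: a shell audit of the two Linux settings named in the thread (accept_redirects and secure_redirects), computing the effective per-interface result from the combination rules in the kernel's ip-sysctl documentation. The function names and the off/secure/any labels are this example's own, and shared_media, which overrides secure_redirects, is not evaluated.

```shell
#!/bin/sh
# Effective ICMP redirect handling per IPv4 interface on Linux.
# Rules (kernel ip-sysctl documentation):
#   accept_redirects: forwarding on  -> conf/all AND conf/<iface>
#                     forwarding off -> conf/all OR  conf/<iface>
#   secure_redirects: conf/all OR conf/<iface>
# Not evaluated here: shared_media, which overrides secure_redirects.

# Read one sysctl file; treat a missing file as 0.
rd() { cat "$1" 2>/dev/null || echo 0; }

# effective_redirects ROOT IFACE -> prints one of:
#   off     redirects ignored
#   secure  accepted only for gateways in the interface's gateway list
#   any     accepted without that restriction
effective_redirects() {
    root=$1; ifc=$2
    all_acc=$(rd "$root/all/accept_redirects")
    if_acc=$(rd "$root/$ifc/accept_redirects")
    fwd=$(rd "$root/$ifc/forwarding")
    all_sec=$(rd "$root/all/secure_redirects")
    if_sec=$(rd "$root/$ifc/secure_redirects")

    if [ "$fwd" -ne 0 ]; then
        [ "$all_acc" -ne 0 ] && [ "$if_acc" -ne 0 ] && acc=1 || acc=0
    else
        { [ "$all_acc" -ne 0 ] || [ "$if_acc" -ne 0 ]; } && acc=1 || acc=0
    fi
    if [ "$acc" -eq 0 ]; then echo off; return; fi
    if [ "$all_sec" -ne 0 ] || [ "$if_sec" -ne 0 ]; then echo secure; else echo any; fi
}

# audit_redirects [ROOT] -> one "<iface> <state>" line per interface.
# ROOT defaults to the live tree; pass a copy to audit it offline.
audit_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        printf '%s %s\n' "$ifc" "$(effective_redirects "$root" "$ifc")"
    done
}

# Run against the live host only when asked to: sh script.sh --live
case ${1:-} in --live) audit_redirects ;; esac
```

Any interface reported as `secure` or `any` still processes redirects; setting accept_redirects to 0 in both conf/all and the interface entry yields `off` regardless of the forwarding state.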