Thursday, 10 July 2008

DNS Issues

My response to the Shocker DNS spoofing vuln.
This was one of the many issues I noted in a 2000 report on DNS. ICANN stated my "study was flawed" and got the lawyers involved.
http://news.cnet.com/Security-firm-warns-of-outdated-software/2100-1023_3-241876.html
http://www.zdnet.com.au/news/security/soa/80-000-Domains-at-Risk-DNS-problems-plague-Australia-/0,130061744,120101062,00.htm

I did a follow-up of this in 2005/2006. I submitted a paper to the IEEE, who rejected it. It was "sensationalist", "overly theoretical" and, best yet, I had a reviewer state "This could never be exploited on a real system" and, best, that I "obviously have no idea of how DNS works".

I am publishing an updated paper for a SANS GCIA Gold attempt that is coming out later in the year on this and a number of other DNS attacks.

On top of this I expanded the testing. In 2005 I tested 2,500,000 servers. Earlier this year I ran a test of 5,000,000 systems. This will be in the SANS paper.

1. If the levels of security (based on patching practices) have improved since 2000 and 2005,
2. How the TLDs[1] and Australian servers compare to the general population of DNS servers worldwide,
3. How secure the Internet is based on the overall level of DNS security.

In fact, it looks suspiciously like the one from way back in 1997. There was a theoretical paper I used in this paper in 2000. From what that described and what I have read of this current issue - the paper describes it to a T.

The paper is still available at:
http://bak.spc.org/dms/archive/dns_id_attack.txt

Based on the query ID and port and as a MiTM, we need the details, but it seems awfully similar...

[1] TLD, Top Level Domains
