____/ Linonut on Wednesday 14 November 2007 17:25 : \____
> After takin' a swig o' grog, p5000011 belched out this bit o' wisdom:
>
>> http://www.securityfocus.com/archive/1/483635/30/0/threaded
>>
>> | After 6 months - fix available for Microsoft DNS cache poisoning
>> | attack
>> |
>> | In April this year I discovered a new vulnerability that enables DNS
>> | cache poisoning attack against the Windows DNS server. Today (November
>> | 13th, 2007) - six and a half months after being informed - Microsoft
>> | released a fix for this vulnerability. As the fix is now publicly
>> | available, I can finally share my research finding with you.
>
> Random numbers again:
>
> The transaction ID is
> supposed to be a secure, random number that the attacker must
> guess in order to poison the DNS cache. There are 65,536 possible
> transaction ID values which makes enumeration impractical in the
> current network conditions.
>
> The weakness I found is in the transaction ID generation
> algorithm of Windows DNS Server. By observing a few consecutive
> transaction IDs from the same DNS server an attacker can predict
> its next value.
But it's all encoded in binary, so nobody will notice. [sarcasm /]
--
~~ Best of wishes
Apprentice - fancy word for "slave"
http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
Tasks: 116 total, 1 running, 115 sleeping, 0 stopped, 0 zombie
http://iuron.com - knowledge engine, not a search engine
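
Added example, not part of the post or the quoted advisory: a defender-side audit that pulls the transaction ID out of captured outbound DNS queries and flags a resolver whose consecutive IDs keep moving by the same step. The fixed-step sample is constructed for illustration and is not the Windows DNS Server algorithm, which the post does not describe; the names and the 0.25 threshold are assumptions.

```python
import secrets
import struct
from collections import Counter

def make_query(txid: int) -> bytes:
    """Constructed sample: DNS header (ID, RD flag, 1 question) + 'example.com A IN'."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

def txid_of(packet: bytes) -> int:
    """The transaction ID is the first 16 bits of the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    return struct.unpack("!H", packet[:2])[0]

def audit(ids, threshold=0.25):
    """Flag a sequence of consecutive query IDs whose step repeats too often.

    threshold is an assumed cut-off: with uniformly random IDs each of the
    65,536 possible steps is equally likely, so any repeated step is rare.
    """
    if len(ids) < 8:
        raise ValueError("need at least 8 consecutive IDs")
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]  # wrap-safe
    top_delta, hits = Counter(deltas).most_common(1)[0]
    share = hits / len(deltas)
    return {"samples": len(ids), "distinct_deltas": len(set(deltas)),
            "top_delta": top_delta, "top_delta_share": share,
            "suspect": share >= threshold}

# Constructed captures, in the order the resolver sent them.
WEAK = [make_query((65500 + 8 * i) % 65536) for i in range(32)]   # fixed step
STRONG = [make_query(secrets.randbelow(65536)) for _ in range(32)]  # CSPRNG

if __name__ == "__main__":
    for name, capture in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit([txid_of(p) for p in capture]))
```

A repeated step is only one symptom of a predictable generator; a sequence that passes this check is not thereby shown to be random.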