FreeBSD 7.1 and BIND exploit
Clifton Royston
cliftonr at lava.net
Tue Jul 22 17:07:28 UTC 2008
On Tue, Jul 22, 2008 at 09:39:20AM -0700, Doug Barton wrote:
> cpghost wrote:
> >Yes indeed. If I understand all this correctly, it's because the
> >transaction ID that has to be sent back is only 2 bytes long,
>
> 2 bits, 16 bytes.
^^^^ ^^^^^ Think you mean those the other way!
> >and if the query port doesn't change as well with every query, that
> >can be cracked in milliseconds: sending 65536 DNS queries to a
> >constant port is just way too easy! The namespace is way too small,
> >and there's no way to fix this by switching to, say, 4 bytes or
> >even more for the transaction ID without breaking existing
> >resolvers; actually without breaking the protocol itself.
>
> That's more or less accurate, yes.
>
> Doug
I just saw mention in Infoworld - adequate details of the exploit
were guessed by another developer and then confirmed. They're now
circulating, so I think we can expect engineered attacks soon.
All:
Upgrade your servers today, do not wait.
-- Clifton
--
Clifton Royston -- cliftonr at iandicomputing.com / cliftonr at lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
More information about the freebsd-stable
mailing list