FreeBSD 7.1 and BIND exploit
Doug Barton
dougb at FreeBSD.org
Tue Jul 22 16:39:22 UTC 2008
cpghost wrote:
> Yes indeed. If I understand all this correctly, it's because the
> transaction ID that has to be sent back is only 2 bytes long,
2 bits, 16 bytes.
> and if the query port doesn't change as well with every query, that
> can be cracked in milliseconds: sending 65536 DNS queries to a
> constant port is just way too easy! The namespace is way too small,
> and there's no way to fix this by switching to, say, 4 bytes or
> even more for the transaction ID without breaking existing
> resolvers; actually without breaking the protocol itself.
That's more or less accurate, yes.
Doug
--
This .signature sanitized for your protection
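
The constant-query-port condition discussed in this exchange can be checked from the defender's side. The following is an added example, not part of the original messages: it classifies a resolver's observed outgoing queries by source-port behaviour. The function name, verdict labels and sample (port, transaction ID) pairs are constructed for illustration.

```python
import math

TXID_BITS = 16  # the transaction ID field in the DNS header is 2 bytes


def assess_query_sources(queries):
    """Classify outgoing queries given as (source_port, txid) pairs.

    Returns (verdict, bits). bits is a lower-bound estimate, from this
    sample only, of what an off-path party must guess to match one query.
    """
    if len(queries) < 2:
        raise ValueError("need at least two observed queries")
    ports = [port for port, _ in queries]
    if len(set(ports)) == 1:
        # Constant query port: only the transaction ID is unknown.
        return "fixed-port", float(TXID_BITS)
    steps = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    if len(steps) == 1:
        # The port changes, but by a constant step, so it adds nothing.
        return "sequential-port", float(TXID_BITS)
    # The pool holds at least as many ports as were seen in the sample.
    return "varying-port", TXID_BITS + math.log2(len(set(ports)))


# Constructed samples, as could be extracted from a capture of a
# resolver's outgoing queries (assumption: one pair per query).
FIXED = [(53, 0x1A2B), (53, 0x77F0), (53, 0x0C31), (53, 0xE902)]
SEQUENTIAL = [(32768, 0x4410), (32769, 0x9A03), (32770, 0x015C), (32771, 0xBEE1)]
VARYING = [(49152, 0x1111), (61003, 0x8F20), (50211, 0x03D4), (58777, 0xC0DE),
           (52344, 0x7A7A), (63910, 0x2B91), (55021, 0xF00D), (60118, 0x6E15)]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("varying", VARYING)):
        verdict, bits = assess_query_sources(sample)
        print(f"{name:10s} {verdict:16s} >= {bits:.1f} bits")
```

A larger sample raises the lower bound for a resolver that really does randomize its ports; a fixed-port resolver stays at 16 bits no matter how many queries are observed.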
More information about the freebsd-stable
mailing list