tcp/udp, clarification please
Brad Knowles
brad.knowles at skynet.be
Thu Oct 11 15:51:36 UTC 2001
At 8:23 AM -0700 2001/10/11, Bill Manning wrote:
> The biggest problem is your assertion that TCP access to the DNS is how
> most hacks to the DNS occur. I, for one, would be interested in how you
> reached this conclusion and any data you have to back this belief. Most
> of the attack vectors to the DNS, that I am aware of, are exploitable
> via UDP as well as TCP.
Actually, the more I think about it, the more I think that
most DNS-related attacks probably come through UDP and not TCP. It's
much harder to spoof a "reply" as coming from a particular host with
TCP, whereas it's trivially easy to do with UDP. This means that
cache-poisoning attacks are harder to perform over TCP and much
easier over UDP. Most other DNS-related attacks (including DoS
attacks) that I know of also make use of UDP and not TCP.
--
Brad Knowles, <brad.knowles at skynet.be>
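Added example, not part of the original post or of BIND itself: a toy DNS wire-format encoder plus the only checks a UDP resolver can apply to an incoming reply (transaction ID, local port, QR bit and repeated question; the source address is whatever the sender wrote in the IP header), followed by a blind spoofing run against it. It shows the point above in code: with a fixed query port, enumerating the 16-bit ID space gets a forged answer accepted; with a randomized port the same run finds nothing. The resolver port policy, the server address 192.0.2.1 and the bogus answer 203.0.113.99 are constructed for the illustration. Over TCP a blind sender would additionally have to produce the 32-bit sequence number it never saw, which is why the same trick is much harder there.

```python
import random
import struct

# Added example (not code from the bind-users thread): a toy DNS wire-format
# encoder, the acceptance checks a UDP resolver can apply to a reply, and a
# blind spoofing run against it. Port policy, names and addresses are
# constructed for illustration.

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, qname, qtype=1):
    # header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + \
        encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid, qname, ip, qtype=1, ttl=300):
    # header: QR, RD, RA set; one question and one answer
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(x) for x in ip.split("."))
    # answer owner name is a compression pointer to the question name at offset 12
    msg += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return msg

def parse_question(msg, offset=12):
    labels = []
    while msg[offset] != 0:
        n = msg[offset]
        labels.append(msg[offset + 1:offset + 1 + n].decode("ascii"))
        offset += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[offset + 1:offset + 5])
    return ".".join(labels) + ".", qtype, qclass, offset + 5

def parse_first_a(msg):
    _, _, _, offset = parse_question(msg)
    # skip the 2-byte name pointer, then read type/class/ttl/rdlength
    _, _, _, rdlen = struct.unpack("!HHIH", msg[offset + 2:offset + 12])
    return ".".join(str(b) for b in msg[offset + 12:offset + 12 + rdlen])

class Resolver:
    """Keeps outstanding queries keyed by (transaction ID, local UDP port)."""
    def __init__(self, fixed_port=None, seed=0):
        self.rng = random.Random(seed)
        self.fixed_port = fixed_port      # None means a random port per query
        self.pending = {}

    def send_query(self, qname, server):
        txid = self.rng.randrange(1 << 16)
        port = self.fixed_port or self.rng.randrange(1024, 1 << 16)
        query = build_query(txid, qname)
        self.pending[(txid, port)] = (parse_question(query)[:3], server)
        return query, port

    def receive(self, datagram, src, local_port):
        """All a UDP resolver can verify: the claimed source address (which a
        spoofer sets freely), the ID/port pair, the QR bit and the question."""
        txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", datagram[:12])
        entry = self.pending.get((txid, local_port))
        if entry is None or src != entry[1]:
            return None
        if not (flags & 0x8000) or qdcount != 1 or ancount < 1:
            return None
        if parse_question(datagram)[:3] != entry[0]:
            return None
        del self.pending[(txid, local_port)]   # first matching reply wins the race
        return parse_first_a(datagram)

def blind_spoof(resolver, qname, server, port_guess, bogus_ip):
    """Forge a reply for every possible ID, claiming the server's address as
    source. Returns the address the resolver accepted, or None."""
    for txid in range(1 << 16):
        forged = build_response(txid, qname, bogus_ip)
        accepted = resolver.receive(forged, server, port_guess)
        if accepted is not None:
            return accepted
    return None

def demo(fixed_port=None):
    server = ("192.0.2.1", 53)        # constructed upstream server address
    r = Resolver(fixed_port=fixed_port)
    r.send_query("www.example.com.", server)
    # the attacker guesses the resolver sends from port 53, as old resolvers did
    return blind_spoof(r, "www.example.com.", server, 53, "203.0.113.99")

if __name__ == "__main__":
    print("fixed port 53 :", demo(fixed_port=53))   # forged answer accepted
    print("random port   :", demo())                # nothing matched
```

demo(fixed_port=53) returns the bogus address because the attacker only has to cover 65536 IDs; demo() returns None because the right (ID, port) pair is now one of roughly four billion. The source-address check in receive() is kept to make the weakness explicit: the attacker passes the server's address and it is accepted, since nothing in a UDP datagram proves where it came from.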