A Taxonomy of Cache Poisoning Attacks?

Jesus Couto jesus.couto at innosec.es
Thu Aug 24 17:31:40 UTC 2000


On Thu, 24 Aug 2000, Cricket Liu wrote:

> > - Done by adding an answer section to a query: this is fixed in
> > newer BIND versions.
> 
> I'm not sure what you mean by this.  Queries don't have an answer
> section, and if they did, what effect would that have upon the
> queried name server?

	I'm not sure either, I'm reading it from the Network Intrusion
Detection FAQ: 

              DNS cache poisoning
                      Every DNS packet contains a "Question" section and 
                      "Answer" section. Vulnerable servers will believe  
                      (and cache) Answers that you send along with
                      Questions. Most, but not all, DNS servers have been
                      patched as of November, 1998.

	And I remember reading something about it before somewhere else,
but don't remember where. 

> 
> > - Done by sending bogus information in the additional info
> > section: this is something I'm not 100% clear about. It seems possible, it
> > also seems BIND takes some measures against it, but it seems also to be
> > fundamentally impossible to fix till DNSSEC is out. This is one
> > kind of attack I would like more info.
> 
> BIND 4.9.7 and 8.1.2 included code to ignore unrelated records
> included in the additional data section.

	Unrelated, as in A records that have nothing to do with the query,
right? But, what if I say that one of the NS for a zone I manage is
ns.domaintobetaken.com and include an A pointing to a server I
control? Are those also ignored? 

	Thanks again,

							Jesus Couto F.	
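
The out-of-zone name server case asked about above, as an added example that is not part of the original message and is not BIND's code: a sketch of a bailiwick-style filter that a resolver could apply to the additional section before caching. The `RR` type, the function names, `example.net` and the addresses are constructed for illustration; `ns.domaintobetaken.com` is the name used in the message.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str    # owner name
    rtype: str   # "A", "NS", ...
    rdata: str

def norm(name: str) -> str:
    """Lower-case and drop the trailing dot so names compare consistently."""
    return name.rstrip(".").lower()

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone apex or a label-aligned subdomain of it."""
    name, zone = norm(name), norm(zone)
    if zone == "":
        return True  # the root zone covers every name
    return name == zone or name.endswith("." + zone)

def filter_additional(zone, authority, additional):
    """Split additional-section records into (keep, drop).

    Assumed policy: keep a record only if it is an address record, its owner
    is the target of an in-zone NS record from the authority section, and the
    owner name lies inside the zone the responding server was consulted for.
    """
    ns_targets = {norm(rr.rdata) for rr in authority
                  if rr.rtype == "NS" and in_bailiwick(rr.name, zone)}
    keep, drop = [], []
    for rr in additional:
        ok = (rr.rtype in ("A", "AAAA")
              and norm(rr.name) in ns_targets
              and in_bailiwick(rr.name, zone))
        (keep if ok else drop).append(rr)
    return keep, drop

# Constructed response from a server consulted for example.net.
ZONE = "example.net"
AUTHORITY = [RR("example.net.", "NS", "ns1.example.net."),
             RR("example.net.", "NS", "ns.domaintobetaken.com.")]
ADDITIONAL = [RR("ns1.example.net.", "A", "192.0.2.1"),          # in-zone glue
              RR("ns.domaintobetaken.com.", "A", "192.0.2.66"),  # out of zone
              RR("www.unrelated.example.", "A", "192.0.2.99")]   # unrelated

if __name__ == "__main__":
    kept, dropped = filter_additional(ZONE, AUTHORITY, ADDITIONAL)
    print("cache:", [r.name for r in kept])
    print("drop: ", [r.name for r in dropped])
```

Under this policy the resolver would still have to look up the address of `ns.domaintobetaken.com` through that name's own delegation chain rather than trusting the record supplied alongside the referral.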




More information about the bind-users mailing list