> The DNS exploit in question involves poisoning DNS resolution responses
> from a DNS server. What you describe sounds more like a phishing attack.
It's a blended attack, sure. But as a malicious attacker, all I need is to get you to query for an invalid host address in a legitimate domain. So...

I send your user an email advertising cute kitten movies at site1.example.net, and your user clicks on the link.

I control DNS for example.net, so now I have an initial response to work with; I know your server's address and a starting port number.

site1.example.net has embedded images that are links to bogus001.bankofamerica.com through bogus2000.bankofamerica.com. This means your server will be querying bankofamerica.com name servers for invalid hosts, and I know it, and I know where to direct my spoofed answers complete with a spoofed NS record. Now I flood your server with false responses.

In roughly 11 seconds (per Paul Vixie, who just might know a thing or two about DNS), I get lucky. Now your server has cached my bogus NS record for bankofamerica.com, so when your users attempt to visit a legitimate bankofamerica.com website, instead they reach a site I have set up with my RBN pals somewhere in China. Sure, they'll get an SSL invalid error, but how many users know or care what that means?

So: One user, one URL, and you've been pwned, even if your users never click on a fake bankofamerica.com link, even if they use their own trusted bookmarks, even if they type the URL into their browser manually. Nervous yet?
--
Dave Pooser, ACSA
Manager of Information Services
Alford Media http://www.alfordmedia.com
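The tell-tale sign of the scenario described in this post, seen from the recursive resolver, is one internal client driving a burst of lookups for many distinct, never-before-seen hostnames under a single zone (bogus001 through bogus2000 of one domain in a few seconds). The script below is an added detection example, not code from the post or the list; it assumes a constructed, simplified query-log format of "epoch-seconds client-ip qname" per line, a two-label registrable zone, and a threshold of 50 distinct subdomains in an 11-second window, all of which are assumptions to be adapted to the resolver actually in use.

```python
from collections import defaultdict, deque
import re

# Assumed, simplified resolver query-log format: "<epoch-seconds> <client-ip> <qname>".
# Real resolvers (BIND, Unbound, ...) use their own formats; swap in their parser here.
LOG_LINE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")

WINDOW_SECONDS = 11       # window matching the burst length the post mentions (assumption)
DISTINCT_THRESHOLD = 50   # distinct subdomains of one zone per client before alerting (assumption)


def parent_zone(qname: str, levels: int = 2) -> str:
    """Return the last `levels` labels, e.g. bogus001.bank.example -> bank.example.
    Assumption: two-label registrable zones; production code should consult the
    Public Suffix List instead of counting labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-levels:])


def parse_line(line: str):
    """Parse one constructed log line into (timestamp, client, qname), or None if it does not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return float(m.group("ts")), m.group("client"), m.group("qname").rstrip(".").lower()


def find_subdomain_bursts(lines, window=WINDOW_SECONDS, threshold=DISTINCT_THRESHOLD):
    """Flag (client, zone) pairs that query more than `threshold` distinct subdomains
    of one zone within `window` seconds. Returns one alert dict per offending pair."""
    recent = defaultdict(deque)   # (client, zone) -> deque of (ts, qname) inside the window
    alerts, alerted = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # unparseable lines are skipped, not fatal
        ts, client, qname = rec
        zone = parent_zone(qname)
        if qname == zone:
            continue              # a lookup of the zone apex is not a subdomain probe
        key = (client, zone)
        q = recent[key]
        q.append((ts, qname))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire entries older than the window (per-client time is monotonic)
        distinct = {name for _, name in q}
        if len(distinct) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"client": client, "zone": zone,
                           "distinct": len(distinct), "window_end": ts})
    return alerts


def build_sample_log():
    """Constructed sample log: one benign client cycling through three real names,
    one client emitting the bogus001..bogus200 pattern against bank.example, plus junk."""
    lines, t = [], 1_700_000_000.0
    for i in range(200):
        lines.append(f"{t + i * 0.1:.1f} 192.0.2.20 {['www', 'mail', 'cdn'][i % 3]}.corp.example")
    for i in range(1, 201):
        lines.append(f"{t + i * 0.02:.2f} 192.0.2.10 bogus{i:03d}.bank.example")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for alert in find_subdomain_bursts(build_sample_log()):
        print(f"ALERT client={alert['client']} zone={alert['zone']} "
              f"distinct_subdomains={alert['distinct']} at={alert['window_end']}")
```

The benign client never exceeds three distinct names under corp.example and is silent; the probing client trips the threshold on its 51st distinct name, well inside the window. Tune the threshold against your own resolver's baseline, since CDNs and some mail systems legitimately fan out over many hostnames; this is a detection aid layered on top of a patched, source-port-randomizing resolver, not a substitute for one.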
Macos-x-server mailing list