Re: Actual BIND error - Patching OpenBSD 4.3 named ?

To: misc <misc@...>
Date: Wednesday, July 9, 2008 - 1:44 pm

On Jul 9, 2008, at 12:19 PM, Ted Unangst wrote:

>> n front). something like,

But does it allow a poisoned reply from the spoofed address?

As I understand the threat, based on the limited information:

1. Attacker sends a valid user a www.badman.com link to click on.
2. Resolver queries the badman.com NS from port 55555 for www.badman.com, which is a CNAME to www.ebay.com.
3. New query for www.ebay.com to the ebay.com NS originates from UDP port 54321.
4. A spoofed UDP packet from the badman.com NS using 55555 shouldn't match the ebay query, and the poisoning shouldn't work.

If I'm missing something, I welcome any corrections.

Thanks,
Steve
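The four steps above, replayed in a small constructed model of a caching resolver's reply matching. This is an added example, not code from the post, from BIND or from OpenBSD: every address, port, name and transaction ID is made up (documentation IP ranges), the attacker is assumed to already know the transaction ID so that only the effect of the source port is visible, and the fixed-port run goes beyond the post by showing what happens when the resolver does not change port between the two queries.

```python
# Constructed model of how a caching resolver matches a UDP reply to an
# outstanding query. Added example, not code from BIND or OpenBSD; every
# address, port, name and ID here is made up (documentation IP ranges).
import itertools
import random
from dataclasses import dataclass
from typing import Iterator

BADMAN_NS = "198.51.100.1"   # attacker-controlled authoritative server (constructed)
EBAY_NS = "192.0.2.53"       # stand-in for the ebay.com authoritative server (constructed)


@dataclass(frozen=True)
class Query:
    txid: int
    src_port: int   # resolver's UDP source port for this query
    server: str     # server the query was sent to
    qname: str


@dataclass(frozen=True)
class Reply:
    txid: int
    dst_port: int   # UDP port the reply is addressed to
    src_ip: str     # source address as seen on the wire (spoofable)
    qname: str
    answer: str


class Resolver:
    """Accepts a reply only if (txid, port, server, qname) matches an
    outstanding query, which is what step 4 of the post relies on."""

    def __init__(self, ports: Iterator[int], rng: random.Random):
        self.ports = ports          # supplies the source port for each query
        self.rng = rng              # supplies the 16-bit transaction ID
        self.outstanding: dict[tuple, Query] = {}
        self.cache: dict[str, str] = {}

    def send_query(self, qname: str, server: str) -> Query:
        q = Query(self.rng.randrange(1 << 16), next(self.ports), server, qname)
        self.outstanding[(q.txid, q.src_port, q.server, q.qname)] = q
        return q

    def receive(self, r: Reply) -> bool:
        """Return True if the reply matched an outstanding query and was
        cached, False if it was dropped."""
        q = self.outstanding.pop((r.txid, r.dst_port, r.src_ip, r.qname), None)
        if q is None:
            return False
        self.cache[r.qname] = r.answer
        return True


def run_scenario(randomize_ports: bool) -> tuple[bool, str]:
    """Replay steps 1-4 of the post. Returns (spoof accepted?, cached answer).

    With randomize_ports the resolver uses 55555 then 54321 as in the post;
    otherwise it reuses one fixed port, a case the post does not cover. The
    attacker is assumed (hypothetically) to know the transaction ID, so the
    run isolates the effect of the source port alone."""
    ports = iter([55555, 54321]) if randomize_ports else itertools.repeat(53)
    res = Resolver(ports, random.Random(2008))

    # Steps 1-2: the victim's resolver asks the badman.com NS for
    # www.badman.com and gets back a CNAME to www.ebay.com.
    q1 = res.send_query("www.badman.com", BADMAN_NS)
    res.receive(Reply(q1.txid, q1.src_port, BADMAN_NS, "www.badman.com",
                      "CNAME www.ebay.com"))

    # Step 3: the resolver follows the CNAME and queries the ebay.com NS.
    q2 = res.send_query("www.ebay.com", EBAY_NS)

    # Step 4: the badman.com NS sends a packet with a spoofed source of
    # EBAY_NS, aimed at the port it observed in step 2 (q1.src_port).
    spoof = Reply(q2.txid, q1.src_port, EBAY_NS, "www.ebay.com",
                  "A 198.51.100.66")
    poisoned = res.receive(spoof)

    # The genuine reply from the ebay.com NS arrives afterwards.
    res.receive(Reply(q2.txid, q2.src_port, EBAY_NS, "www.ebay.com",
                      "A 192.0.2.10"))
    return poisoned, res.cache["www.ebay.com"]


if __name__ == "__main__":
    for randomize in (True, False):
        accepted, answer = run_scenario(randomize)
        print(f"random ports={randomize}: spoof accepted={accepted}, "
              f"cache holds {answer}")
```

With the two different ports the spoof is dropped because the (txid, port, server, qname) tuple matches nothing outstanding; with a single reused port the same spoof is accepted and the later genuine reply is the one that gets dropped, since the query is no longer outstanding. Real resolvers match on more fields than this model, but the port check is the one the post's step 4 depends on.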


Messages in current thread:
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Stuart Henderson, (Wed Jul 9, 8:10 am)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, David Krause, (Thu Jul 10, 12:58 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Ted Unangst, (Wed Jul 9, 1:19 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Steve Tornio, (Wed Jul 9, 1:44 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Ted Unangst, (Wed Jul 9, 2:09 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, openbsd misc, (Wed Jul 9, 3:49 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, mark reardon, (Wed Jul 9, 8:26 am)