[At-Large] An Illustrated Guide to the Kaminsky DNS Vulnerability
Robert Guerra
lists at privaterra.info
Sat Aug 16 16:09:11 EDT 2008
I came across the following article that I think could be of interest to
At-Large.
regards
Robert
---
An Illustrated Guide to the Kaminsky DNS Vulnerability
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a
serious vulnerability in DNS. This vulnerability could allow an attacker to
redirect network clients to alternate servers of his own choosing,
presumably for ill ends.
This all led to a mad dash to patch DNS servers worldwide, and though there
have been many writeups of just how the vulnerability manifests itself, we
felt the need for one in far more detail. Hence, one of our Illustrated
Guides.
This paper covers how DNS works: first at a high level, then by picking
apart an individual packet exchange field by field. Next, we'll use this
knowledge to see how weaknesses in common implementations can lead to cache
poisoning.
By fully understanding the issues at play, the reader may be better equipped
to mitigate the risks in his or her own environment.
More information about the At-Large
mailing list