
List:       dns-operations
Subject:    [dns-operations] first (lab) spoof of a fully source port randomised server reported
From:       briand () ca ! afilias ! info (Brian Dickson)
Date:       2008-08-08 19:12:03
Message-ID: 489C9A83.9070002 () ca ! afilias ! info

Ray.Bellis at nominet.org.uk wrote:
>> http://tservice.net.ru/~s0mbre/blog/devel/networking/dns/2008_08_08.html
>>
>> "Attack took about half of the day, i.e. a bit less than 10 hours.
>>  So, if you have a GigE lan, any trojaned machine can poison your DNS
>>  during one night... "
>
> I note that their figures (130k requests, 40k-50k fake replies per 
> request) suggest a minimum of 5.2e9 fake replies were sent.
>
> As I understand it, that's over twice as many requests as should *on 
> average* be needed to spoof a system with 32 bits of entropy (i.e. 2.0e9).
>   

I don't think so - 32 bits (unsigned) is 2^32, or roughly 4.3e9.

It might be that you are able to hit a 50% probability with half that.

But to guarantee 100%, you need to actually go > 100% of probability, 
since it is a moving target.

Basically, the numbers look right to me.

Brian
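
An added worked calculation, not part of the original messages: the success probability for the figures quoted in the thread (130k requests, 40k fake replies per request, 32 bits of entropy) under a fixed-target and a moving-target model. The two models and all function names are assumptions of this example.

```python
import math

ENTROPY_BITS = 32           # entropy figure used in the thread
SPACE = 2 ** ENTROPY_BITS   # roughly 4.3e9 possible values


def p_fixed_target(total_replies, space=SPACE):
    """Assumed model 1: the value to guess never changes, so every
    distinct guess removes one candidate from the space."""
    return min(1.0, total_replies / space)


def p_moving_target(requests, replies_per_request, space=SPACE):
    """Assumed model 2: the value is re-randomised for each request, so
    each request is an independent trial with chance replies/space."""
    per_request = min(1.0, replies_per_request / space)
    if per_request >= 1.0:
        return 1.0
    # 1 - (1 - p)^n, computed with log1p/expm1 to keep precision for tiny p
    return -math.expm1(requests * math.log1p(-per_request))


def requests_for_confidence(confidence, replies_per_request, space=SPACE):
    """Requests needed to reach `confidence` (0 < confidence < 1) under
    the moving-target model."""
    per_request = replies_per_request / space
    return math.ceil(math.log1p(-confidence) / math.log1p(-per_request))


def summarise(requests=130_000, replies_per_request=40_000):
    """Figures from the thread: 130k requests, 40k fake replies each."""
    total = requests * replies_per_request
    half = requests_for_confidence(0.5, replies_per_request)
    return {
        "total_replies": total,
        "p_fixed": p_fixed_target(total),
        "p_moving": p_moving_target(requests, replies_per_request),
        "replies_for_50pct_moving": half * replies_per_request,
        "replies_for_99pct_moving":
            requests_for_confidence(0.99, replies_per_request)
            * replies_per_request,
    }


if __name__ == "__main__":
    for name, value in summarise().items():
        print(f"{name:28s} {value:.4g}")
```

Under the moving-target model the probability approaches but never reaches 1, which is why the block asks for a confidence level rather than a guarantee.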
