Slashdot Mirror


DNS Flaw Hits More Than Just the Web

gringer writes "Dan Kaminsky presented at the Black Hat conference in Las Vegas on Wednesday, and said that the DNS vulnerability he discovered is much more dangerous than most have appreciated. Besides hijacking web browsers, hackers might attack email services and spam filters, FTP, Rsync, BitTorrent, Telnet, SSH, as well as SSL services. Ultimately it's not a question of which systems can be attacked by exploiting the flaw, but rather which ones cannot. Then again, it could just be hype. For more information, see Kaminsky's PowerPoint presentation." Update: 08/07 19:48 GMT by T : There's also an animation of the progress of the patch.

6 of 215 comments

  1. SSH and SSL protected by Anonymous Coward · Score: 5, Informative

    SSH will raise the key changed warning if you've connected before.

    SSL will raise a certificate error unless they have some way of getting a fake cert.

    1. Re:SSH and SSL protected by brunascle · Score: 5, Informative

      which is why browsers come with the CAs' public keys cached.
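The check the first comment relies on, written out as an added example (not code from this thread or from OpenSSH): a minimal known_hosts lookup that tells a host seen for the first time apart from a known host presenting a different key. It follows the known_hosts line format, including the hashed `|1|salt|hmac` hostnames that `ssh-keygen -H` produces; the host names, the salt and the key strings are constructed placeholders, not real keys, and the handling of a known host with a different key type is simplified to "unknown".

```python
"""Host-key pinning the way known_hosts does it (added example, not OpenSSH code).
Lines are "host[,host...] keytype base64key"; hashed hosts are written as
"|1|<b64 salt>|<b64 HMAC-SHA1(salt, hostname)>". All keys below are constructed."""
import base64
import hashlib
import hmac


def hash_hostname(host: str, salt: bytes) -> str:
    """Hashed known_hosts hostname, the form `ssh-keygen -H` writes."""
    mac = hmac.new(salt, host.encode("ascii"), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(entry_host: str, host: str) -> bool:
    """Plain entries may list several comma-separated names; hashed entries hide them."""
    if entry_host.startswith("|1|"):
        _, _, salt_b64, mac_b64 = entry_host.split("|")
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(base64.b64decode(salt_b64), host.encode("ascii"), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return host in entry_host.split(",")


def check_host_key(known_hosts: str, host: str, keytype: str, key_b64: str) -> str:
    """'match': this key was pinned before; 'unknown': first contact (the
    trust-on-first-use prompt); 'changed': host known, same key type, different
    key -- the warning a DNS redirect to an impostor triggers for anyone who
    has connected before. (A known host with only other key types is treated
    as 'unknown' here; OpenSSH is more nuanced about that case.)"""
    known_types = set()
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.lstrip().startswith("#"):
            continue
        entry_host, entry_type, entry_key = parts[:3]
        if not host_matches(entry_host, host):
            continue
        if entry_type == keytype and hmac.compare_digest(entry_key, key_b64):
            return "match"
        known_types.add(entry_type)
    return "changed" if keytype in known_types else "unknown"


# Constructed sample file: one plain entry with two names, one hashed entry.
SALT = bytes(range(20))  # constructed; ssh-keygen draws 20 random bytes
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "git.example.net,192.0.2.7 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGitKeyPlaceholder",
    hash_hostname("shell.example.org", SALT)
    + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIShellKeyPlaceholder",
])

if __name__ == "__main__":
    # A poisoned lookup sends the client to an impostor that presents its own key.
    print(check_host_key(KNOWN_HOSTS, "shell.example.org", "ssh-ed25519",
                         "AAAAC3NzaC1lZDI1NTE5AAAAIImpostorKeyPlaceholder"))
```

The important property is that the verdict depends only on the key the remote end presents and what the client stored earlier, never on what DNS said: redirecting the name to another address changes nothing about the pinned key, so the impostor gets the "changed" result rather than a silent connection.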

  2. Bittorrent? Not really. by 42forty-two42 · Score: 5, Informative

    Virtually all bittorrent clients support a distributed hash table and an inter-client peer exchange protocol, which means that as long as you have the .torrent metafile you can bootstrap yourself into the torrent (neither DHT nor peer exchange uses DNS at all in fact, except perhaps when the client is first installed to bootstrap). The only impact would be on obtaining said .torrent file, which is explicitly out of bittorrent's problem domain.

  3. Do I understand this right? by flaming error · Score: 4, Informative

    Bad guy can force the name server to go run to the good guy and look something up.
    It takes time to get the real request (with random number) to the good guy.
    It takes more time to get the real response back from the good guy.
    It takes no time for the bad guy to immediately follow up a request with a fake response.
    Might have the wrong random number, but it'll definitely arrive first.

    So:
    1) Bad guy pretends he's a desktop pc (Stub Resolver)
    2) Bad guy as Stub Resolver asks some arbitrary name server for the target's address
    3) Bad guy knows the name server will eventually ask the target
    4) Bad guy spoofs the target and sends his own replies back to the name server
    5) One of the bad guy's spoof replies happens to match the Transaction ID
    6) Name server thinks the bad guy's reply came from target
    7) Name server thinks the target lives at the IP address in Bad Guy's spoofed reply
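The race flaming error lays out above, simulated offline as an added example (not code from this thread or from Kaminsky's slides). The packet layout follows RFC 1035; the resolver, the attacker, the name www.example.com and the addresses 192.0.2.10 and 203.0.113.66 are constructed for the example. `port_space=1` models a resolver that always queries from the same source port, so the attacker only has to guess the 16-bit transaction ID; `port_space=64512` models source-port randomisation over 1024-65535, which is the extra entropy the patches referred to in the story add to that 16-bit ID. The simulation stops at the basic race the comment describes and does not model the TTL-bypass refinements from the talk.

```python
"""Blind DNS answer race (added example, not the thread's or Kaminsky's code).
A resolver with one outstanding query accepts the first reply whose TXID,
destination port and question match; the attacker floods guesses before the
genuine answer can arrive. Packet layout follows RFC 1035; everything else
(names, addresses, port model) is constructed for this example."""
import random
import struct
from fractions import Fraction

TXID_SPACE = 1 << 16          # 16-bit transaction ID in the DNS header
GOOD_IP = "192.0.2.10"        # constructed: the target's genuine address
EVIL_IP = "203.0.113.66"      # constructed: the address the attacker wants cached


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels, terminated by a zero byte."""
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    """Recursive A query: 12-byte header (RD set), one question, nothing else."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_answer(txid: int, name: str, ip: str, ttl: int = 3600) -> bytes:
    """Authoritative A answer: echoes the question, one RR pointing back at it."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)  # QR and AA set
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rr


def txid_of(msg: bytes) -> int:
    return struct.unpack("!H", msg[:2])[0]


def question_of(msg: bytes) -> bytes:
    """Question section of a one-question message (header occupies 12 bytes)."""
    end = msg.index(b"\x00", 12) + 1 + 4      # name terminator + QTYPE + QCLASS
    return msg[12:end]


def answer_ip(msg: bytes) -> str:
    """RDATA of the single A record produced by build_answer (last 4 bytes)."""
    return ".".join(str(b) for b in msg[-4:])


def pick_port(rng: random.Random, port_space: int) -> int:
    """port_space=1: always UDP 53 (pre-patch); else random in 1024..1023+port_space."""
    return 53 if port_space == 1 else 1024 + rng.randrange(port_space)


class Resolver:
    """Caching resolver with a single outstanding upstream query."""

    def __init__(self, rng: random.Random, port_space: int = 1):
        self.rng, self.port_space = rng, port_space
        self.cache = {}        # question bytes -> IP string
        self.pending = None    # (txid, source port, question bytes)

    def send_query(self, name: str):
        txid = self.rng.randrange(TXID_SPACE)
        port = pick_port(self.rng, self.port_space)
        self.pending = (txid, port, question_of(build_query(txid, name)))
        return txid, port

    def receive(self, msg: bytes, dst_port: int) -> bool:
        """Accept the first reply whose port, TXID and question all match."""
        if self.pending is None:
            return False
        txid, port, question = self.pending
        if dst_port != port or txid_of(msg) != txid or question_of(msg) != question:
            return False                       # the guess the attacker must get past
        self.cache[question] = answer_ip(msg)
        self.pending = None
        return True


def attack_race(resolver: Resolver, name: str, budget: int, rng: random.Random) -> bool:
    """Steps 1-7 of the comment: trigger a lookup, flood spoofed answers with
    distinct TXID guesses on one guessed port, then let the real answer arrive."""
    real_txid, real_port = resolver.send_query(name)
    guess_port = pick_port(rng, resolver.port_space)
    body = build_answer(0, name, EVIL_IP)[2:]    # everything after the TXID, built once
    for guess in range(min(budget, TXID_SPACE)):
        if resolver.receive(struct.pack("!H", guess) + body, guess_port):
            break
    # The genuine answer is slowest; it only lands if every spoof missed.
    resolver.receive(build_answer(real_txid, name, GOOD_IP), real_port)
    return resolver.cache.get(question_of(build_query(0, name))) == EVIL_IP


def spoof_probability(budget: int, port_space: int = 1) -> Fraction:
    """Chance that `budget` distinct TXID guesses on one guessed port hit the query."""
    return min(Fraction(1), Fraction(budget, TXID_SPACE * port_space))


def simulate(port_space: int, trials: int = 10, budget: int = TXID_SPACE, seed: int = 1) -> int:
    """Number of trials after which the attacker's address sits in the cache."""
    rng = random.Random(seed)
    return sum(attack_race(Resolver(rng, port_space), "www.example.com", budget, rng)
               for _ in range(trials))


if __name__ == "__main__":
    print("fixed port:", simulate(1), "/ 10 poisoned, p =", spoof_probability(TXID_SPACE))
    print("random port:", simulate(64512), "/ 10 poisoned, p =", spoof_probability(TXID_SPACE, 64512))
```

With a fixed source port, 65536 spoofed packets are enough to cover every transaction ID, so every trial is poisoned; with the port randomised, the same flood has a 1 in 64512 chance per attempt, which is the difference the patch makes. The answer still has to arrive before the genuine one, and the attacker still has to win the race on each fresh lookup, which is why the time window in the comment matters.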

  4. Plaintext version by 42forty-two42 · Score: 3, Informative
  5. Re:To everyone on 216.34.181.45 by Furry Ice · Score: 3, Informative

    Interesting...if you go to http://216.34.181.45/ you get a 301 redirect to slashdot.org, so using the IP directly doesn't help you, unless you make sure to send the Host header.