At Tue, 2 Sep 2008 16:51:55 -0400, "L. Gabriel Somlo" <[EMAIL PROTECTED]> wrote:

> > Of course, if the recursive server has cached a valid www.cnn.com/A,
> > the result of the attack won't be effective until it expires. But
> > once it expires, the attacker gets the full control of it and keeps
> > the situation as long as they want. (This is different from how the
> > TTL matters in the traditional brute force attacks).
>
> I tried that, and it doesn't work if the victim server already has an

I also tried that successfully. What exactly did you try, and how didn't it work?

> A record for www.cnn.com cached. The attack you described relies on
> there being nothing in the cache for www.cnn.com. The presence of an A
> record means the attack must succeed before the valid A record gets
> cached or wait until after it expires and before it gets renewed again.

No, the presence of an A record simply means the attack is not effective until the A record expires (the attack itself succeeds anytime unless the server also caches www.cnn.com./NS, which is very unlikely). When "it gets renewed again", the server is already poisoned with the forged NS, and it will be poisoned with a forged A record by the forged NS.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
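The cache behaviour the message describes can be made concrete with a toy model of a recursive resolver's cache. This is an added example, not code from the thread or from ISC: it models a cache keyed by (name, type) with per-RRset expiry, and a lookup that, on a cache miss, walks up to the closest enclosing NS RRset it has cached. With a legitimate www.cnn.com/A entry (TTL 300, constructed) alongside a forged www.cnn.com/NS entry (TTL 86400, constructed, pointing at the hypothetical name ns.attacker.example.), the A record is served from cache until it expires, and the very next lookup is routed to the forged nameserver rather than to the legitimate cnn.com delegation. The addresses, TTLs and nameserver names are all constructed sample values.

```python
"""Toy recursive-resolver cache, added to illustrate the point in the
message above: a cached www.cnn.com/A record only delays the effect of
a forged www.cnn.com/NS RRset.  Once the A record's TTL runs out, the
refresh query goes to whatever nameserver the cached NS RRset names.
All names, TTLs and addresses below are constructed sample values."""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class RRset:
    name: str      # owner name, e.g. "www.cnn.com."
    rtype: str     # "A" or "NS"
    rdata: tuple   # addresses (A) or nameserver names (NS)
    expires: int   # absolute expiry time in seconds (insert time + TTL)


@dataclass
class ToyCache:
    """Cache keyed by (name, type); entries past their expiry are ignored."""
    entries: dict = field(default_factory=dict)

    def insert(self, name, rtype, rdata, ttl, now):
        # A newer RRset for the same (name, type) replaces the old one.
        self.entries[(name, rtype)] = RRset(name, rtype, tuple(rdata), now + ttl)

    def lookup(self, name, rtype, now):
        rr = self.entries.get((name, rtype))
        if rr is None or rr.expires <= now:
            return None   # absent or expired: treated as a cache miss
        return rr


def parent_names(name):
    """Yield the name itself, then each enclosing parent, ending with root."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def resolve(cache, qname, now):
    """Return ("cache", A-rdata) when the answer is still cached, otherwise
    ("query", nameservers): the closest enclosing NS RRset in the cache,
    i.e. where the resolver would send its next query."""
    hit = cache.lookup(qname, "A", now)
    if hit is not None:
        return ("cache", hit.rdata)
    for zone in parent_names(qname):
        ns = cache.lookup(zone, "NS", now)
        if ns is not None:
            return ("query", ns.rdata)
    return ("query", ("root-servers",))


def build_scenario():
    """The situation discussed in the thread, with constructed values:
    a legitimate delegation for cnn.com, a legitimate www.cnn.com/A
    (TTL 300) and a forged www.cnn.com/NS RRset (TTL 86400) naming a
    hypothetical attacker-operated server."""
    cache = ToyCache()
    cache.insert("cnn.com.", "NS", ["ns1.cnn.com."], 172800, now=0)
    cache.insert("www.cnn.com.", "A", ["198.51.100.10"], 300, now=0)
    cache.insert("www.cnn.com.", "NS", ["ns.attacker.example."], 86400, now=0)
    return cache


def timeline(cache, qname, times):
    """Resolution outcome for qname at each of the given times."""
    return {t: resolve(cache, qname, t) for t in times}


if __name__ == "__main__":
    cache = build_scenario()
    for t, result in timeline(cache, "www.cnn.com.", (0, 299, 300, 3600, 100000)).items():
        print(f"t={t:>6}s -> {result}")
```

Until t=300 the answer comes from the cached A record, so the forged NS has no visible effect; from t=300 until the forged NS RRset itself expires at t=86400 every refresh of www.cnn.com is directed to ns.attacker.example., and only after that does the resolver fall back to the legitimate cnn.com delegation. That is why the A record's TTL bounds the delay, not the exposure, and why a defender checking "is a valid A record cached?" gets no assurance from it; the record that matters for detection is the cached NS RRset for the name.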
> > Of course, if the recursive server has cached a valid www.cnn.com/A, > > the result of the attack won't be effective until it expires. But > > once it expires, the attacker gets the full control of it and keeps > > the situation as long as they want. (This is different from how the > > TTL matters in the traditional brute force attacks). > > I tried that, and it doesn't work if the victim server already has an I also tried that successfully. What exactly did you try, and how didn't it work? > A record for www.cnn.com cached. The attack you described relies on > there being nothing in the cache for www.cnn.com. The presence of an A > record means the attack must succeed before the valid A record gets > cached or wait until after it expires and before it gets renewed again. No, the presence of an A record simply means the attack is not effective until the A record expires (the attack itself succeeds anytime unless the server also caches www.cnn.com./NS, which is very unlikely). When "it gets renewed again", the server is already poisoned with the forged NS, and it will be poisoned with a forged A record by the forged NS. --- JINMEI, Tatuya Internet Systems Consortium, Inc.