Re: [9fans] dns exploits (self-promotion remix)

2008-07-28 Thread Wes Kussmaul
erik quanstrom wrote:
> what is this "web 2.0" of which you speak?

Web 2.0, n. A space created by artists who got all excited when they heard the word "sandbox," not realizing it meant the opposite of what they thought.

wk

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread erik quanstrom
> > 2. who does recursive queries on external interfaces?
> > i would have considered this a configuration error and
> > security problem ten years ago.
> >
> Tell that to the rest of the internet.

without reasonable configuration, most any machine can be made trivially vulnerable.

> vectors

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread don bailey
> i don't understand this
> 1. plan 9 never used a static source port for queries, and more importantly

Erm, sequential source ports are close enough.

> 2. who does recursive queries on external interfaces?
> i would have considered this a configuration error and
> security problem ten years ago.

T

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread a
// 1. plan 9 never used a static source port for queries,

Using dynamic ports is better than static, but if they're sequential (or otherwise predictable), it doesn't buy you all that much.

// 2. who does recursive queries on external interfaces?

I've been traveling in companies and countries w

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread erik quanstrom
> The exploit doesn't simply rely on the 16bit dns XID.
> Rather, it's reliant on the fact that bind servers
> (and some others) send requests from a static port.
> Obviously, if you control a DNS server or you can
> sniff the target DNS server's path, you can figure
> this out.
>
> The second par

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread don bailey
> if you're running ndb/dns -r, you need to build and boot a new kernel to get the full 30 bits.

Bing!

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread don bailey
The exploit doesn't simply rely on the 16bit dns XID. Rather, it's reliant on the fact that bind servers (and some others) send requests from a static port. Obviously, if you control a DNS server or you can sniff the target DNS server's path, you can figure this out. The second part to the trick

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread Russ Cox
>> those things combined mean that you get 15 bits of randomness
>> from query id and 15 from source port, giving 30 bits,
>> so ndb/dns is okay (for now).
>
> why only 15 in the query id? that's an artifact of rand()
> which returns 0 ≤ n ≤ 0x7fff. why not return numbers
> between 0 and 0x?

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread erik quanstrom
> those things combined mean that you get 15 bits of randomness
> from query id and 15 from source port, giving 30 bits,
> so ndb/dns is okay (for now).

why only 15 in the query id? that's an artifact of rand() which returns 0 ≤ n ≤ 0x7fff. why not return numbers between 0 and 0x?

- erik

Re: [9fans] dns exploits (self-promotion remix)

2008-07-27 Thread Russ Cox
>> i'm not a dns user (just the client side) on Plan9,
>> is the server part vulnerable to the recent poisoning attacks?
>
> i think the recent dns cache-poisoning vulnerability
> is more self promotion than substance.

i agreed until i saw the supposed exploit details that were published last