[Owasp-Mumbai] DNS poisoning - wide impact

vaibhav aher vaibhavaher at gmail.com
Fri Jul 11 02:48:40 EDT 2008


Thanks Jitesh,
This is really good Article.


On Fri, Jul 11, 2008 at 1:48 AM, Kamat, Jitesh <Jitesh.Kamat at gs.com> wrote:

> Dan Kaminsky will provide details on the vuln. during Blackhat2008 in
> Vegas, [I'll be there : -)] but initial reports suggest that it is a
> fundamental design issue which makes guessing DNS query transaction ID
> possible. (as they say, look closely and there is a pattern even in
> randomness : -)
>
> With much press attention on this issue, wanted to share a refresher on
> cache attacks with the list : http://www.lurhq.com/dnscache.pdf
>
> It's a good read.
>
> -Jitesh Kamat
>
>
> -----Original Message-----
> From: Yash Kadakia [mailto:teccoder at gmail.com]
> Sent: Thursday, July 10, 2008 1:38 PM
> To: Kamat, Jitesh
> Cc: owasp-mumbai at lists.owasp.org
> Subject: Re: [Owasp-Mumbai] DNS poisoning - wide impact
>
> Problems such as DNS Poisoning, DNS Pinning have existed for a while.
> Unfortunately most organizations wait for an out-break to occur before
> any security measures are taken.
>
> Anyway that being said, I am glad that at-least some effort has been
> taken to patch this flaw.
> --
> Yash Kadakia
>
>
> Kamat, Jitesh wrote:
> > Most of you are probably already aware of the recent DNS poisoning
> > vulnerability (read more here:
> > http://www.darkreading.com/document.asp?doc_id=158442&WT.svl=news1_2)
> > that was discovered by Dan Kaminsky. To remediate this one , major
> > players in the industry have collaborated - this is an impressive
> > effort.
> >
> > Readup Kaminsky's blog which also has a quick DNS checker to find if
> > your own firm's DNS is vulnerable: http://www.doxpara.com/?p=1162
> >
> >   - Jitesh Kamat
> > _______________________________________________
> > OWASP-Mumbai mailing list
> > OWASP-Mumbai at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-mumbai
> >
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>



-- 
Vaibhav Aher
ISO27001,C|EH
Security Consultant
+91 09225325661
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-mumbai/attachments/20080711/cdb14183/attachment.html 


More information about the OWASP-Mumbai mailing list