[Owasp-Mumbai] DNS poisoning - wide impact
sant.jadhav at gmail.com
Fri Jul 11 11:58:15 EDT 2008
Yup Jitesh..you are right.. It was pointed out some 3 years ago..gained
Anyways be late than never :)
On Fri, Jul 11, 2008 at 12:18 PM, vaibhav aher <vaibhavaher at gmail.com>
> Thanks Jitesh,
> This is really good Article.
> On Fri, Jul 11, 2008 at 1:48 AM, Kamat, Jitesh <Jitesh.Kamat at gs.com>
>> Dan Kaminsky will provide details on the vuln. during Blackhat2008 in
>> Vegas, [I'll be there : -)] but initial reports suggest that it is a
>> fundamental design issue which makes guessing DNS query transaction ID
>> possible. (as they say, look closely and there is a pattern even in
>> randomness : -)
>> With much press attention on this issue, wanted to share a refresher on
>> cache attacks with the list : http://www.lurhq.com/dnscache.pdf
>> It's a good read.
>> -Jitesh Kamat
>> -----Original Message-----
>> From: Yash Kadakia [mailto:teccoder at gmail.com]
>> Sent: Thursday, July 10, 2008 1:38 PM
>> To: Kamat, Jitesh
>> Cc: owasp-mumbai at lists.owasp.org
>> Subject: Re: [Owasp-Mumbai] DNS poisoning - wide impact
>> Problems such as DNS Poisoning, DNS Pinning have existed for a while.
>> Unfortunately most organizations wait for an out-break to occur before
>> any security measures are taken.
>> Anyway that being said, I am glad that at-least some effort has been
>> taken to patch this flaw.
>> Yash Kadakia
>> Kamat, Jitesh wrote:
>> > Most of you are probably already aware of the recent DNS poisoning
>> > vulnerability (read more here:
>> > http://www.darkreading.com/document.asp?doc_id=158442&WT.svl=news1_2)
>> > that was discovered by Dan Kaminsky. To remediate this one , major
>> > players in the industry have collaborated - this is an impressive
>> > effort.
>> > Readup Kaminsky's blog which also has a quick DNS checker to find if
>> > your own firm's DNS is vulnerable: http://www.doxpara.com/?p=1162
>> > - Jitesh Kamat
>> > _______________________________________________
>> > OWASP-Mumbai mailing list
>> > OWASP-Mumbai at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>> OWASP-Mumbai mailing list
>> OWASP-Mumbai at lists.owasp.org
> Vaibhav Aher
> Security Consultant
> +91 09225325661
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Mumbai